Icon Labs partners with Infineon on PKI Management Solution for OPTIGA TPM

Icon Labs announced its IoT Certificate management solution supports Infineon Technologies’ OPTIGA Trusted Platform Module (TPM). The partnership enables device manufacturers to manage PKI (Public Key Infrastructure) certificates throughout the product lifecycle using the OPTIGA TPM, including support for certificate injection during device manufacturing. Instead of having to manually install a certificate into each device, the device comes off the assembly line with a PKI certificate already installed. Infineon`s OPTIGA TPM chip complies with the internationally recognized security standards of the Trusted Computing Group.  

Security is a critical requirement for the IoT, and strong device authentication, using widely adopted PKI technology, enables managed security solutions for IoT deployments. Icon Labs’ Floodgate Certificate Authority and Floodgate PKI Client allow manufacturers to incorporate certificate-based authentication using the OPTIGA TPM for secure key storage. Capabilities include certificate creation during the manufacturing process using private keys stored in the TPM, certificate creation during device provisioning, and certificate management throughout the life of the device.

Icon Labs provides both the client- and server-sides of the PKI solution required to automate secure provisioning and enrollment. The Floodgate PKI Client is compatible with public and private CAs, providing the flexibility to operate a private PKI system without dependence on a public CA or to operate within the hierarchy of a public CA. The OPTIGA TPM securely stores the keys, the Floodgate Factory CA Server creates device authentication certificates, and the Floodgate PKI Client enables a connection in the field to a CA for issuance of TLS and other run-time certificates. The certificates create a Root of Trust enabling secure machine-to-machine communications, using keys secured by the OPTIGA TPM.

Creating a signed certificate during manufacturing requires several steps. First, the Floodgate PKI Client requests the OPTIGA TPM to generate a new public-private key pair. Using this key pair, a certificate signing request (CSR) is created while the private key does not leave the TPM. The Floodgate PKI Client sends the CSR to the Factory CA Server, which signs the request and returns a signed certificate to the PKI Client. This certificate can then be used to authenticate the device when the device is provisioned in the field.

Latest News from

Infineon simplifies speed measuring sensor designs
Infineon: smart power switches with PROFET+2 and High Current PROFET
Infineon: preventing cyber-attacks in rescue services
Infineon starts volume production of first full-SiC-module
Infineon: intelligent power module CIPOS Mini integrates power factor correction
Icon Labs partners with Infineon on PKI Management Solution for OPTIGA TPM
Infineon: flyback controller and integrated power IC CoolSET family

Grammatech talks about the importance of software in engineering

In this video Mark Hermeling of Grammatech talks to Alix Paultre after the Embedded World show in Nuremberg about the importance of software verification for security and safety in electronic design. ...


Lattice Semi walks through their booth demos at Embedded World

In this video Lattice Semiconductor walks us through their booth demonstrations at Embedded World 2018. The live demonstrations include an operating IoT remote vehicle, a low-power network used for vi...


Maxim describes their latest security solution at Embedded World 2018

In this video Scott from Maxim Integrated describes their latest security solution at Embedded World 2018. In the live demo he shows the DS28E38 DeepCover Secure ECDSA Authenticator, an ECDSA public k...


Garz & Fricke at Embedded World 2018 - Embedded HMIs and SBCs “Made in Germany”

You are looking for a HMI-system or single components as touches, displays and ARM-based SBCs? Welcome at Garz & Fricke – the Embedded HMI Company! Our offering ranges from typical single co...


ECRIN Systems myOPALE: Remote Embedded Modular Computers

myOPALE™ offers disruptive technology to multiply capabilities of your next Embedded Computers in a smaller foot print thanks to PCI Express® over Cable interconnect, standard 5.25’&rs...


TechNexion rolls out embedded systems, modules, Android Things kits at Embedded World 2018

In this video John Weber of TechNexion talks to Alix Paultre about how the company helps its customers getting products to market faster. By choosing to work with TechNexion, developers can take advan...


Mike Barr talks cybersecurity

In this video Mike Barr, CEO of the Barr Group, talks to Alix Paultre about cybersecurity at the Embedded World conference in Nuremberg, Germany. Too many designers, even in critical spaces like milit...


Ted Marena of Microsemi talks about their scope-free on-chip debug tools

In this video Ted Marena of Microsemi talks about their scope-free on-chip debug tools with Alix Paultre at Embedded World 2018. SmartDebug tool works with the Microsemi FPGA array and SERDES without ...


Infineon demonstrates their iMotion motor control solution at Embedded World

In this video Infineon explains their latest  IMC100 series iMOTION motor control IC at Embedded World 2018 in Nuremberg. The device provides a ready-to-use solution for high-efficiency variable-...


Samsung goes over their new ARTIK IoT development system

In this video James Stansberry of Samsung talks to Alix Paultre about their ARTIK IoT development system at Embedded World in Nuremberg. The family of system-on-modules provide a complete, production-...


Cypress explains their latest low-power 32-bit Arm Cortex-M4 PSoC 6

In this video Allen Hawes of Cypress Semiconductor talks to Alix Paultre about their latest low-power 32-bit Arm Cortex-M4 PSoC 6, designed to provide a secure high-performance MCU for next-generation...