Software update Over The Air (SOTA) secured by Infineon's security controllers

Updating software over the air (internet connection) requires a complex security system

The high cost of fixing software issues through recalls is driving vehicle manufacturers to use mobile communication channels to execute software updates remotely, over the air (SOTA).
The benefits of this remote update are compelling, but security, and with it the potential consequences for the car's safety, must be considered.
An insufficiently secured external connection used to run software updates could open the door for attackers to the car's complete on-board network architecture and thus to its safety systems. In the end, a driver's life could depend on the security protection mechanisms of the vehicle.
Infineon's security controllers offer security protection for different use cases in a SOTA system. The graphic below shows a simplified proposal of a SOTA system architecture, where dedicated security controllers take over specific security functions.

SOTA brings many advantages

The telematics control unit connects the car to the outside world and thereby enables numerous new applications and functionalities. Software in different ECUs can be updated remotely, to either add new features or remove any software bugs that might be found during operation. This reduces the number of recalls and related costs and increases customer satisfaction. The possibility of adding new features opens up the door for new business models and revenue streams.

System & application features

  • Realizing the benefits of SOTA without risking the safety of the car, through a holistic security architecture
  • Avoiding reputation damage caused by potential hacks enabled by insufficient security
  • Optimized certified security solutions at reasonable costs
  • Reliable AEC-Q100 qualified security solutions

Infineon’s scalable security solutions (discrete or HSM on microcontroller) offer optimized security for the specific use cases and functions in the different ECUs, which are affected by the software update.

  • The SLI 76 / SLI 97 families, used as embedded SIM cards, enable the connection of the car to the internet.
  • The security-certified OPTIGA™ TPM offers, besides cryptographic operations, a tamper-resistant key store for highly sensitive credentials, and thereby secures not only the sensitive external interfaces of the car but also the vehicle supply chain.
  • The HSM of the AURIX™ microcontroller family supplies important on-site security measures in each involved ECU (Telematics, Gateway, Target ECU).


  • eCall
  • Remote diagnostics
  • Payment systems
  • Software update
  • Feature upgrades
  • Internet services
Highlight products
  • SLB 9670: OPTIGA™ TPM (Trusted Platform Module), TPM 2.0
  • AURIX™ family: Scalable microcontroller family with HSM
  • SLI97 / 76 family: Embedded SIM card to realize internet connectivity






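The TPM establishes a secure connection to the manufacturer's server and verifies the integrity of the system, thereby strengthening trust between the communicating parties and providing security for operations such as software updates for a car in operation. Because these operations presuppose that keys remain secret, the TPM protects private keys by holding them in a key store certified for a high level of security. The Trusted Platform Module reuses security standards with a long track record, combining strong security with reduced cost.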


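The quality of security also depends on the quality of the security processes applied at each stage of development and manufacturing. Infineon's TPM development process is Common Criteria certified. In addition, Infineon's TPMs are manufactured and customized in a manufacturing process that has been externally audited and certified. Security processes that are strictly controlled by third parties in this way are essential for Infineon's TPM to achieve high-quality security.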

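Personalization means giving each Trusted Platform Module a unique certificate and private key. The private key can be used to encrypt confidential data such as keys when they are transferred to electronic control units in the manufacturing process of the car manufacturer (OEM) or the parts supplier. Handling keys in plain text during manufacturing would require separate security measures; because such measures can be omitted, manufacturing costs are reduced and security is improved.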



