OPTIGA TRUST M SLS32AIA
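Secured cloud service provisioning, made easy!
OPTIGA™ Trust M is a high-end security solution that provides an anchor of trust for connecting IoT devices to the cloud, giving every IoT device its own unique identity. This pre-personalized turnkey solution offers easy-to-integrate security features and the high performance needed for fast access to cloud services.
OPTIGA™ Trust M offers a range of security features, making it ideal for industrial and building automation applications, smart homes and connected consumer devices.
The turnkey approach with full system integration support minimizes design, integration and deployment effort.
OPTIGA™ Trust M is available in two temperature ranges:
- SLS32AIA010I3: standard temperature range of -25 to +85°C, for most commercial applications
- SLS32AIA010I2: extended operating temperature range of -40 to +105°C, for extreme industrial environments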
Open source host code for OPTIGA™ Trust M is available now!
> Get the host code and documentation (github.com/Infineon/optiga-trust-m2-id2)
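Customers benefit from direct communication with the developers and get direct access to information on new releases, new features and bug fixes. Integrating standard open source cryptographic libraries, or integrating the host code into other systems, is now easy to do. The host code is licensed under the MIT license.
OPTIGA™ Trust M2 ID2 is a security solution based on a secure microcontroller. The device can be set up with different configuration options to suit different requirements. Each device contains a device-unique AES symmetric key and a device ID (pre-assigned by ALI ID2). OPTIGA™ Trust M2 ID2 can be easily integrated into Alibaba Cloud IoT applications.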
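Features
- High-security secure chip
- Security controller certified to the high-assurance CC EAL6+ level
- Turnkey complete solution
- 10 kB user memory
- PG-USON-10-2 package (3 x 3 mm)
- Temperature range (−40°C to +105°C)
- I2C communication interface with line encryption (Shielded Connection)
- Cryptographic algorithm support:
  - RSA® with key lengths up to 2048 bits
  - AES with key lengths up to 256 bits, HMAC up to SHA512
  - TLS v1.2 PRF and HKDF up to SHA512
- Crypto toolbox with SHA-256, RSA®, AES, HMAC and key derivation
- Support for the Alibaba Cloud Link ID² IoT security token
- Configurable device security monitor, 4 monotonic counters
- Protected (integrity and/or confidentiality) update of data, key, certificate and other objects
- Hibernate mode with zero current consumption
- Lifetime of 15 to 20 years for industrial automation and infrastructure applications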
Potential applications
- Industrial and building automation
- Smart home
- Consumer devices
- Drones
Use cases
An IoT device needs to prove its identity to other networked devices and to verify the identity of all other networked devices. The mutual authentication feature of OPTIGA™ Trust M supports secured device authentication.
Many IoT devices collect and store valuable data, while also receiving commands over the IoT network. In order to protect critical data transferred over the network and thus the applications running on the device, OPTIGA™ Trust M offers a secured communication feature. It supports the TLS and DTLS protocols to protect against eavesdropping, tampering and message forgery.
In many cases, software running on a microcontroller contains valuable company IP that may be key to the company’s competitive edge. To protect this IP, OPTIGA™ Trust M supports one-way ECC-384-based authentication.
To activate this IP protection feature, customers can integrate multiple checks into their software, using the one-way OPTIGA™ Trust M authentication capabilities. The code will only ever run if this authentication process is successfully executed. This feature protects customer IP against simple image cloning.
Power efficiency is particularly important in battery-run devices. OPTIGA™ Trust M enables users to set a maximum power consumption limit in a range from 6 to 15 mA. The autonomous go-to-sleep feature also helps to conserve power; it can be set to a delay anywhere in the range between 20 ms and 255 ms.
During software updates, it can be challenging to protect both the software itself and the device that is being updated. Software updates that are protected with dedicated hardware security features achieve a higher level of security.
OPTIGA™ Trust M protects the processing and storage of code by means of encryption, fault and manipulation detection, as well as secured code and data storage.
Device integrity needs to be verified in order to detect unauthorized changes. Protecting the boot process is one of the most effective ways of doing this. Also known as secured, verified or trusted boot, boot access protection blocks unauthorized booting of computing devices to stop compromised devices from exchanging data over the IoT.
OPTIGA™ Trust M offers a set of features to enhance boot protection, also offloading complex, compute-intensive cryptography functions of the IoT device.
IoT environments can make it difficult for manufacturers to protect their ecosystem. For example, if a manufacturer produces both a main system and a smaller accessory or spare part, they may be keen to harden the main system against lower-quality counterfeit products.
OPTIGA™ Trust M offers a one-way authentication feature so that the main device or server can easily authenticate the new accessory or spare part.
- Secured data storage and key provisioning
- Lifecycle management




