Cloud platform and device security

The best protection possible will be achieved by combining software security mechanisms with robust hardware-based security capabilities based on globally accepted industrial and IT security standards:

Our OPTIGA™ portfolio of security solutions provides the strongest form of identity and integrity protection, secured key provisioning and lifecycle management of cloud-connected edge and end-point devices. Through their rich encryption functionality, our OPTIGA™ TPM security controllers offer robust protection for critical data and processes residing on cloud servers, edge servers, and high-performance edge devices. OPTIGA™ Trust X and OPTIGA™ Trust M are ideally suited to securely connecting end nodes to trustworthy edge devices and to cloud networks.

Our security solutions are being validated by leading global cloud service providers, e.g. Amazon Web Services (AWS) and Microsoft Azure etc., to confirm ease of integration and optimum interoperability in their platform architectures.

Cloud connectivity based on our solutions is faster and more secure than a software-only approach. We deliver hardware-based security solutions designed specifically to harden the identity and protect the integrity of cloud- and edge-connected devices.
The OPTIGA™ security solutions serve the entire cloud ecosystem:

• cloud service and platform providers
• manufacturers of ICT server equipment and high-performance edge devices such as gateways
• makers of connected industrial and consumer IoT devices and IoT end nodes such as sensors.

Integration and deployment made easy

All of our OPTIGA™ products are characterized by ease of integration and compliance with rigorous cloud security standards. Standout features include a lightweight host code for easier deployment, ready-to-use toolkits, and open-source software stacks.

Reflecting our commitment to ease of deployment, we complement our best-in-class hardware with a software development environment that simplifies the integration and secured delivery of IoT applications for customers. Much of this work is open source and available on public repositories such as github.

From manufacturing to de-commissioning, developers must protect their IoT application from hacks and safeguard user privacy through every stage of their application's lifecycle. Cypress has collaborated with Amazon Web Services (AWS) to make device management secure, easy-to-use, and cost-effective with Cypress' PSoC® 64 Standard Secure - AWS MCU and AWS IoT Core.

Secure

The Arm® Cortex®-M0+ core in the PSoC 64 Standard Secure AWS MCU serves as a security co-processor, isolated from the Arm Cortex-M4 core. This security co-processor comes configured with a hardware-based root-of-trust and runs Trusted Firmware-M security firmware, enabling secure boot and secure firmware updates along with other secure services.

Easy-to-use

PSoC 64 AWS Standard Secure MCUs have been FreeRTOS™ qualified and designed to work seamlessly with AWS IoT Core. All a developer needs to do is focus on their application running on the Arm Cortex-M4 core. Secure firmware deployed on the Arm Cortex-M0+ core takes care of the rest. Wireless connectivity stacks for Cypress Wi-Fi® and Bluetooth® products are natively supported, helping to speed up development time.

Cost-effective

PSoC 64 Secure MCUs can be securely provisioned and deployed at scale. Cypress has worked with third-party HSM and programming partners to deliver cost-effective, secure provisioning services, eliminating the cost and overhead in deploying your own secure HSM. In addition, PSoC 64 MCUs can be provisioned using off-the-shelf inventory without restrictive procurement terms.

Learn more: AWS IoT Core

Download: Device Management with PSoC 64 Secure MCUs and AWS IoT

This Industry 4.0 scenario shows the connection of a smart, secured and energy-efficient IoT end node (smart pump) to the AWS cloud. It illustrates how Infineon products have been integrated to deliver on the key drivers and success factors for smart factories:

• Energy efficiency
• Smart & highly connected factories (supporting industrial buses, interfaces, etc.)
• Robust security and protection of the device ID
• Integration with on-premises cloud & cloud concepts (Amazon FreeRTOS, AWS IoT Greengrass)

The diagram shows a smart aircon and a smart lighting use case. The lighting and aircon systems are controlled by an AI sensor hub, which communicates with the Amazon Web Services (AWS) platform over a secured connection.

One key function of the AI sensor hub is to detect the presence of home occupants and determine what zone they are in. It uses Infineon’s XENSIV™ 24 GHz radar sensor to do this.

This information is then sent to the AWS cloud securely thanks to OPTIGA™ Trust X, which is a tamper-resistant hardware trust anchor that securely stores the private keys and certificates.

AWS processes the information and sends commands back to the smart home, for example turning the aircon on/off or adjusting the fan speed and swing mode depending on the location of the occupants.

In addition to securing the data exchanged between the smart home hub and AWS, OPTIGA™ Trust X can be used as a trust anchor to verify the identity of these smart devices by means of mutual authentication.

• Using a Trusted Platform Module for endpoint device security in AWS IoT Greengrass - Learn more
• AWS IoT Greengrass Hardware Security Integration: Provide hardware-based endpoint device security with Infineon's OPTIGA™ TPM SLx 9670 - Learn more

• Getting Started with the Infineon OPTIGA Trust X and XMC4800 IoT Connectivity Kit - Learn more
• Getting Started with the Infineon OPTIGA Trust M and XMC4800 IoT Connectivity Kit - Learn more
• Securing Amazon FreeRTOS devices at scale with Infineon OPTIGA Trust X - Learn more

First Steps to start working with the OPTIGA^TM TPM on Azure IoT edge - Learn more