OPTIGA™ TRUST X SLS 32AIA

An IoT device needs to prove its identity to other devices in the network and to verify the identity of those devices as well. The mutual authentication feature of OPTIGA™ Trust X supports secured device authentication.

Many IoT devices collect and store valuable data and receive commands from a network. In order to protect critical data on the network and thus the applications running on the device, OPTIGA™ Trust X offers a secured communication feature. It supports the TLS and DTLS protocols to protect against eavesdropping, tampering and message forgery.

For memory-constrained devices, a fully integrated DTLS client is available, eliminating the need for an additional cryptographic library to create a secure communication solution.

In many cases, software running on a microcontroller contains valuable company IP that may hold the key to the company’s competitive edge. To protect this IP, OPTIGA™ Trust X supports one-way ECC-256-based authentication.

To activate this IP protection feature, customers can integrate multiple checks into their software, using the one-way OPTIGA™ Trust X authentication capabilities. The code will only ever run if this authentication process is successfully executed. This feature protects customer IP against simple image cloning.

Power efficiency is particularly important in battery-powered devices. OPTIGA™ Trust X enables users to set a maximum power consumption limit in a range from 6 to 15 mA. The autonomous go-to-sleep feature also helps to conserve power; it can be set to a delay anywhere in the range between 20 ms and 255 ms.

During software updates, it can be challenging to protect both the software itself as well as the device that is being updated. Updates protected by software only are at risk as software can typically be read, analyzed and modified to compromise the update or system.

However, software can become trustworthy by combining it with secured hardware. OPTIGA^TM Trust X protects the processing and storage of code by means of encryption, fault and manipulation detection, and secured code and data storage.

Device integrity needs to be verified in order to detect unauthorized changes. Protecting the boot process is one of the most effective ways of doing this. Also known as secured, verified or trusted boot, boot access protection blocks unauthorized booting of computing devices to stop compromised devices from exchanging data over the IoT.

OPTIGA^TM Trust X offers a set of features to enhance boot protection, also off-loading complex, compute-intensive cryptography functions from the IoT device.

IoT environments can make it difficult for manufacturers to protect their ecosystem. For example, if a manufacturer produces both a main system and a smaller accessory or spare part, they may be keen to also secure revenue from spare part sales and harden the main system against lower-quality counterfeit products.

OPTIGA™ Trust X offers a one-way authentication feature so that the main device or server can easily authenticate the new accessory or spare part.

• Secured data storage and key provisioning
• Lifecycle management