Cross-signed endorsement certificates for Trusted Platform Modules (TPM) enable system integrators and solution operators to securely enroll devices with minimum effort
GMO GlobalSign, a global Certificate Authority (CA) and leading provider of identity and security solutions for the Internet of Things (IoT), and semiconductor manufacturer Infineon Technologies AG, today announced a solution that secures, simplifies, and streamlines device enrollment into Microsoft Azure IoT Hub and IoT Hub Device Provisioning Service. The collaboration eases complex device identity integration challenges and delivers a proven path for IoT device security literally from chip to cloud.
Central to the solution is the cross-signing of Infineon’s on-premises CA by GlobalSign’s globally recognized and WebTrust-audited CA. This expands the trustworthiness of the endorsement certificates that Infineon self-issues and flashes onto each OPTIGA™ TPM SLM 9670, and makes them verifiable up to the GlobalSign Root CA. With a globally recognized and trusted endorsement certificate, each Infineon TPM can then connect to GlobalSign’s IoT Edge Enroll Registration Authority on the IoT Identity Platform at any time throughout its lifecycle to be seamlessly enrolled into Azure with verifiable identity and security confidence.
“A healthy and secure IoT ecosystem is stronger with strategic partners who innovate and collaborate,” said Lancen LaChance, Vice President IoT Solutions, GlobalSign. “GlobalSign and key technology partners like Infineon and Microsoft Azure foster success for our mutual customers. Together we have built a competitive advantage for IoT device manufacturers, system integrators and operators that gives them a secure, seamless path to Azure enrollment.”
“Unique device identities are essential to connect securely to the cloud,” said Juergen Rebel, Vice President and General Manager Embedded Security at Infineon Technologies. “With our new OPTIGA TPM integration kit, you can connect your device securely to Microsoft Azure IoT in less than an hour.”
The result is that the process of secure device enrollment into Azure services is streamlined and simplified. “All devices enrolled into Microsoft Azure require authenticated identities, so the importance of strong, secure device identities is crucial,” said Sam George, Corporate Vice President of Azure IoT, Microsoft Corp. “Infineon and GlobalSign have minimized the effort needed for system integrators and solution operators to securely enroll their devices into Azure, helping everyone in the supply chain. It delivers a secure, low-touch option for Azure enrollment.”
Adding a cross-signed TPM into the supply chain also offers a unique opportunity to align secure device identity with a device’s origin at production, hardening device identity and authentication, while expanding trust in the ecosystem at every stage in the device identity lifecycle, anywhere downstream.
Azure IoT Hub provides a cloud-hosted solution backend to connect virtually any device and enables highly secure and reliable communication between your IoT application and the devices it manages.