Security modules use ARM trusted computing tech for IoT

November 24, 2016 // By Graham Prophet
ST Microelectronics has added to its STSAFE family with Trusted Platform Modules (TPMs) that extends support for state-of-the-art hardware-based online security; larger on-chip memory provides greater storage for sensitive data. Devices are certified to highest security-industry standards and supported by independent Certification Authority (CA).

The announcement comprises two security modules that provide a validated shield to protect computers and smart connected devices against cyber-attacks. STSAFE Trusted Platform Modules (TPM) store system-authentication data such as cryptographic keys and software measurements in inaccessible and unalterable hardware, offering a standardized way to protect PCs and servers, as well as other home and office equipment such as printers, copiers, home gateways, network routers, and switches. This protected storage prevents attackers from interfering with the device’s integrity, stealing private data, or taking over the system to gain unauthorized access or privileges that would put the system, data, or its network at risk.

 

The Trusted Computing Group’s latest TPM 2.0 specification adds extra features over and above the earlier TPM 1.2, including cryptographic algorithms and support for user hierarchies. The first of ST’s new STSAFE-TPM devices, the ST33TPHF2ESPI, supports both specifications and can switch between the two, allowing OEMs to provide TPM 1.2 or TPM 2.0 capability on the latest device technology. The second device is the ST33TPHF20SPI, which supports TPM 2.0 and has the largest non-volatile memory available to provide up to 110 kBytes storage for sensitive data.

 

The STSAFE-TPM modules builds on ST’s expertise with the secure ARM SecurCore SC300 processor, which has anti-tamper, data-watching, and memory-protection features. Both devices are Common Criteria (CC) and Trusted Computing Group (TCG) certified against the applicable TPM 1.2 and 2.0 protection profiles and US Federal Information Processing Standard (FIPS) 140-2 certifications are in progress. The new modules come with RSA and ECC Endorsement Keys (EKs) needed to support authentication and associated key certificates are provided, signed by the independent certification authority Globalsign Ltd to guarantee authenticity.

 

The ST33HTPH2ESPI and ST33HTPH20SPI are available in either a TSSOP28 or QFN32 package.

 

STMicroelectronics; www.st.com