Product of the Week: Infineon OPTIGA Authenticate IDoT
July 13, 2021
How can you be sure that your electronic devices are secure through the manufacturing process, and will remain so once they leave the factory for the next two, five, ten or more years? Infineon’s OPTIGA Authenticate Identity of Things, or “IDoT,” is a discrete authentication chip designed to help OEMs and system integrators protect products during and after production.
As its name suggests, the Authenticate IDoT device is an ECC-based hardware security solution that protects electronic systems from counterfeiting, IP theft, unauthorized tampering, and other risks that can compromise device operation and/or brand value. Although separate from the primary applications processor, the 100 KHz or 400 KHz Infineon IDoT operates in conjunction with the system host processor by authenticating peripherals before allowing them to communicate with the host.
The ECC-based authentication mechanisms provided by the 1.5 mm x 1.5 mm x 0.38 mm SMD IDoT chip can be configured in four different ways: one-way, mutual, host binding, and host support. The devices are outfitted with between 1 Kb and 5 Kb lockable NVM, which can also be configured by the user.
Other key features of the IDoT authentication chips include an automated group policy orchestration trigger to assist with device enrollment and onboarding with IoT servers, as well as a lifecycle decrement counter with independent deactivation structures that can be used to automatically EOL deployed systems after a specified time.
Despite integrating the complexity of 163-bit ECC and 193-bit ECC curves, the IDoT devices are backed by the popular PSoC 6 software and tools ecosystem.
The Infineon Optiga Authenticate IDoT in Action
In action, the Infineon Optiga IDoT requires only a single GPIO pin on the host/master, and can operate as either an I2C + GPO slave device or an SWI slave.
Over I2C, the authentication solution communicates synchronously over two wires, where one of the wires carries the clock signal controlled by the I2C master, and the other is used to send and receive data.
The SWI option permits bidirectional communications on a single wire using half-duplex transmissions, where both the master and the slave can transmit and receive commands but only one at a time.
However, SWI also provides the advantages of supporting interrupt-based processing and indirect power modes, whereby a resistor holds the supply voltage and passes it to the IDoT device through the SWI and a diode.
Getting Started with the Infineon OPTIGA Authenticate IDoT
Developers interested in evaluating the security of the Infineon OPTIGA Authenticate IDoT can get started with a PSoC 6 reference board. The board contains demo software – including an SDK with a C-based API, host code library, and visualization tool – and further documentation of the IDoT device.
Between its small size, ease of use, and consumer and industrial-grade temperature ranges, the Infineon Optiga IDoT authentication device is a ready-made anti-tampering and anti-counterfeiting solution for applications ranging from HVAC and water filtration systems to rechargeable mobile device batteries to e-mobility and robotics solutions.
For more information, visit the Optiga IDoT product page or check out the references below.
References:
- Optiga IDoT Product Page – www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-authenticate/optiga-authenticate-idot
- OPTIGA Authenticate IDoT Short Data Sheet – www.infineon.com/dgdl/Infineon-OPTIGA%20AUTHENTICATE%20IDOT-DataSheet-v01_00-EN.pdf?fileId=5546d46277921c320177d685776e2890