Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

Infineon Leads in IoT Security Certification

Infineon Leads in IoT Security Certification

First like received First question asked 5 sign-ins

 Infineon was front and center when the Connectivity Standards Alliance (CSA) recently announced its Product Security Verified Certification Program. I (Steve Hanna) am the chair of the Working Group that developed this program and I’m pleased to say that Infineon was one of the first companies to have our products certified. These actions demonstrate Infineon’s strong commitment to and leadership in IoT security.

Overview of the Product Security Verified Program

The Product Security Verified program applies specifically to Internet of Things (IoT) products like a light bulb, thermostat, and other “things” that are part of a smart home. This cyber security certification provides an umbrella encompassing the requirements of the U.S. NIST IR 8425 (Profile of the IoT Core Baseline for Consumer IoT Products), the European Union (EU) EN 303 645 (Cyber Security for Consumer Internet of Things: Baseline Requirements), and the Singapore Cybersecurity Labeling Scheme (CLS). These three standards form the basis for the US Cyber Trust Mark and for similar certification schemes created by the UK, Finland, and Singapore.

With the Product Security Verified program, CSA will provide certifications for products that have been tested and verified as complying with its umbrella requirements. To accomplish this, CSA analyzed all three sets of requirements, removed redundancies, and established a core set of assessments that reflect the combined requirements of all three. Thus, a product that meets the CSA requirements meets the requirements of all three national or regional systems. Future versions of the program will add more requirements as needed.

Benefits for Different Stakeholders

This far-reaching approach to IoT security certification offers benefits to consumers, retailers, nations, and manufacturers.

  • Consumers gain more confidence that the products they buy have proper security built in, so they do not have to worry about security concerns.
  • Retailers allay customer concerns about security, addressing a substantial obstacle consumer IoT product purchases.
  • Nations gain two benefits. First, a nation’s citizens and their networks are well-protected thanks to their government’s efforts. Second, a global approach should enable more products to comply with their national requirements.
  • Manufacturers have a single certification program with clear rules that they can follow to sell their products globally.

In the past, IoT security has often been invisible. Consumers couldn’t tell which products were secured and which ones claimed to be. Now IoT security is visible for all to see. Companies that invest in strong security can be rewarded for it, having their efforts rewarded with global recognition and positive consumer response.

All of this occurs without each device being separately reviewed with each of the respective nations/regions. Products are certified once and comply in many place. This allows manufacturers to focus on a single certification with a single entity, instead of having to initiate and coordinate multiple activities across several organizations in different locations.


Benefits for Infineon and its Customers

While the CSA cybersecurity announcement has just occurred, Infineon has already completed the certification program with our PSoC™ 64 Secured MCUs and PSoC™ 62S2 Wi-Fi BT Pioneer Kit, our Matter development kit.


This means that customers using Infineon’s CSA-certified products, such as the Matter development kit or PSoC 64, have a solid foundation for building their IoT devices. Because our customers add their own intellectual property on top of our products (in hardware, software, and back-end cloud services), they will be required to independently certify their products. However, knowing that they have a certified foundation from Infineon, they can proceed with a high confidence level that their certification efforts will occur with minimal hitches. They can focus their efforts on securing their own work to avoid problems in the certification process.


Protocol Security vs. Product Security


CSA is widely known for developing the Matter standard for smart home interoperability. Matter provides strong protocol security but that is different from the product security offered by CSA’s new Product Security Verified Certification Program.


Protocol security focuses on securing communications protocols to protect data while it’s in transit from one device to another. Product security focuses on securing the devices themselves. For example, Matter requires commands and data to be encrypted when they are sent from one device to another, preventing eavesdropping on cleartext in transmissions. Product security, on the other hand, requires data to be stored and processed securely inside a device to prevent attempts to change or extract that data while it’s in the device.


These two types of security are complementary. Both are needed so that data is protected at all times, whether in the device or in transit across the network.


Product Security Requirements


The Product Security Verified Certification Program includes more than just secured data storage. Here is a list of key requirements, derived from the national standards linked to above:

  1. Unique identity for each IoT Device
  2. No hardcoded default passwords
  3. Secured storage of sensitive data on the Device
  4. Secured communications of security-relevant information
  5. Secured software updates throughout the support period
  6. Secured development process, including vulnerability management
  7. Public documentation regarding security, including the support period


Infineon: Leading the Way in IoT Security


Infineon is leading the way in IoT security – looking out for our customers so that they can focus on efficiently creating properly secured products and delivering them to market with a simple certification: the Product Security Verified Certification Program.