feature article
Subscribe Now

CIRRENT Cloud ID Automates Cloud Certificate Provisioning and IoT Device-to-Cloud Authentication

Internet of Things (IoT) product companies have been struggling for years to simplify manufacturing, security, and provisioning. Well, I was just chatting with those clever lads and lasses at Infineon about their latest offering in the ongoing battle against the nefarious scoundrels who will steal or compromise your silicon chips if given half a chance. I can’t wait to tell you all about this, but first…

…all sorts of thoughts are bouncing around my poor old noggin with regard to SMADs (Steve and Max’s Awesome Displays) and robot heads and suchlike. This all started out when my chum Steve Manly and I set out to create 10-character displays, where each character is a modern incarnation of a 21-segment display from Victorian times (see Recreating Retro-Futuristic 21-Segment Victorian Displays).

As you may or may not know, I write a monthly column for Practical Electronics, which is the UK’s premier electronics, computing, and maker hobbyist magazine. I touched on our Victorian displays in a couple of my columns, but my readers want something they can build and play with themselves. Thus it was that Steve and I came up with our SMAD boards, each of which boasts 45 tricolor WS2812 LEDs. These LEDs are daisy-chained together, thereby allowing them to be controlled using a single digital microcontroller output pin.

Front view of a SMAD (Image source: Steve Manley)  

SMADs are 80 x 80 mm in size, multiple SMADs can be daisy-chained together, and they have breakaway corners, which allow them to be used in circular frames if required.

We also created 3D printed “shells” that mount in front of the SMADs. These shells, which are 10 mm thick, are divided into segments that compartmentalize the light from the LEDs. We then mount a diffuser layer on the front of the shells, and top everything off with a 1 mm-thick facia (face plate).

We started with 29-segment shells that map onto the outlines shown on the board above. This gave us 13 segments with one LED, and 16 segments with two LEDs each. Since the color of each LED can be individually controlled, we can implement all sorts of interesting effects with the 2-LED segments.

I was a happy camper at this point — I was planning on building a pseudo robot head using two SMADs as eyes — but Steve couldn’t restrain himself from 3D printing some 45-segment shells with one LED in each segment, just to see what they would look like. Dang, but they do look good, allowing for the creation of some very tasty stained-glass effects.

As a result, I ended up using four SMADs to create two pseudo robot heads — one with 29-segment shells and the other with 45-segment shells (I’m toying with the idea of building a third head with one of each, where the 45-segment “eye” will look like it’s wearing a monocle). In fact, I just posted this video showing my two heads “talking” to each other using Morse code.

The reason I use the “pseudo” qualifier with respect to my current heads is that they are static platforms with no ability to move. But all that’s about to change because Steve and I are now working on creating heads that can pan-and-tilt, and that are equipped with SMAD eyes that can also pan-and-tilt, but that will be a story for another day. Suffice it to say that my next column here on EEJournal will take a deep dive into our SMADs, which isn’t something you expect to hear yourself say too often (that column will be posted on Tuesday 26 October 2021, so mark your calendar now).

Leaping from topic to topic with the agility of a young mountain goat, something else I was just ruminating on was how different things were in the not-so-distant past. A couple of years ago, for example, my chum Rick Curl came into town on business, and he stopped by my office to say “Hi.” Rick hails from the city of Birmingham, Alabama, which is about 90 miles south of Huntsville where I currently hang my hat.

On that trip, Rick brought a copy of a scrapbook that was created by his great-grandfather. This book is jam-packed with cuttings from the Birmingham News. The cutting shown on the right in the image below is from 1922, which was only two years after the first commercial radio broadcast.

Scrapbook (left) and cutting from a 1922 issue of the Birmingham News (right).

I find it strange to think how we have such amazing electronics systems these days, but that relatively few people have any interest in learning anything about them apart from how to use them. By comparison, although electronic systems were rudimentary at best in the 1920s, people were sufficiently interested in knowing more about them that the local newspaper would print “how to” articles of this ilk.

Counterfeiting has been around since people first appeared on the scene — not just currency, but anything that has a perceived value. I’m sure that folks in the 1920s had their own problems with counterfeiting, but I think they would have been horrified with how bad things have gotten today.

These days, for example, we have all sorts of issues with silicon chips destined for deployment in the connected devices that feed data to (and are fed data by) the IoT. As I wrote in a previous column, due to the actions of nefarious ne’er-do-wells, “[…] systems delivered to the end users may contain cloned parts, counterfeit parts, or cheap-and-cheerful substitutions that degrade the reliability of the system, thereby impacting the reputation of the creators of the system. In some cases, the entire system may be a phony reproduction, thereby denying the original designers of that system their rightful remuneration. And — believe it or not — all of this is the good news, because the worst-case scenario is that the firmware contains malware designed to compromise your systems and either steal, corrupt, or ransom your data.”

What we need are ways to provision our silicon chips in such a way as to extend the chain of trust all the way from the chips into the cloud. In this context, the term “provisioning” refers to the process of inserting cryptographic keys and other secure information into the silicon chips. Problems with legacy (we could be kind and say “traditional”) provisioning options include the fact that they require things like hardware security modules (HSMs) and complex manufacturing processes. In addition to substantial NRE and operational costs, these legacy solutions also leave us exposed to any contract manufacture vulnerabilities, especially in the case of contract manufacturers who work hand-in-hand with the cyberhacker arms (no pun intended) of nation states.

All of which leads us back to the chaps and chapesses at Infineon, who have been much on my mind recently. Just a few months ago, for example, I was telling the tale of how I became friends with Sree Harsha Angara at Cypress Semiconductor, which is now a part of Infineon (see Modus Toolbox ML, TinyML, and the AIoT). And only a few months before that, I was regaling you with Infineon’s OPTIGA Authenticate IDoT, whose role it is to verify and validate the identity of things (IDoT) (see ID for the IoT? We Need the IDoT!).

Well, I’m delighted to tell you that, today — literally as I pen these words — the guys and gals at Infineon have just launched their CIRRENT Cloud ID service, which automates cloud certificate provisioning and IoT device-to-cloud authentication. Employing simple, robust manufacturing processes, this high-security, low-risk, fully auditable and trackable solution replaces high NRE and operational costs with much lower BOM costs.

Cloud ID is quick and easy to set up. A user establishes a free CIRRENT account and configures cloud-to-cloud connection between the CIRRENT Cloud ID Service and their Product Cloud. A Cloud ID compatible batch of chips, containing X.509 certificates, is delivered to the manufacturing location where a technician registers them using a smartphone. The X.509 certificates are automatically provisioned to the product cloud. Users can log into the CIRRENT console to download their certificates, and to audit and track registrations and provisioning.

How Cloud ID works (Image source: Infineon)

I understand that this takes a bit of effort to wrap one’s brain around, so let’s come at things from a slightly different angle. Consider the image shown below. Let’s assume that you are a product company with your own product cloud; also, that you’ve established a free CIRRENT account with its accompanying CIRRENT cloud.

CIRRENT Cloud ID Extends Chain of Trust from Silicon to Cloud
(Image source: Infineon)

Let’s start in the lower left-hand corner with the fact that each chip has a unique X.509 Device Certificate (IDevID) built in. Asymmetric cryptography prevents security compromises because the private key never leaves the device.

A QR-code scan on the manufacturing line triggers registration of compatible chips and provisioning of the device certificates in your CIRRENT cloud (upper left-hand corner), which communicates this information to your product cloud (upper right-hand corner).

When your chip is built into an IoT product, and that product is deployed into the field (lower right-hand corner), and it is activated and starts communicating with your product cloud using secure encrypted channels, you can identify spoofed or unauthorized devices and prevent them from pumping compromised data into your product cloud.

Cloud ID is ideal for cloud-connected product companies in the industrial, consumer, healthcare, medical, and manufacturing industries. As usual, there’s far more information than I can cover in this column. Suffice it to say that Infineon CIRRENT Cloud ID is available now, and that you can learn more about it and try it out for yourself with a free virtual kit by visiting  https://www.cypress.com/CIRRENTCLOUD_ID

As always, I welcome your erudite comments, insightful questions, and perceptive suggestions.

Leave a Reply

featured blogs
Sep 19, 2023
What's new with the latest Bluetooth mesh specification? Explore mesh 1.1 features that improve security and network efficiency, reduce power, and more....
Sep 20, 2023
Qualcomm FastConnect Software Suite for XR empowers OEMs with system-level optimizations for truly wireless XR....
Sep 20, 2023
The newest version of Fine Marine offers critical enhancements that improve solver performances and sharpen the C-Wizard's capabilities even further. Check out the highlights: γ-ReθTransition Model and Extension for Crossflow Modeling We have boosted our modeling capabi...
Sep 20, 2023
ESD protection analysis is a critical step in the IC design process; see how our full-chip PrimeESD tool accelerates ESD simulation and violation reporting.The post New Unified Electrostatic Reliability Analysis Solution Has Your Chip Covered appeared first on Chip Design...
Sep 10, 2023
A young girl's autobiography describing growing up alongside the creation of the state of Israel...

Featured Video

Chiplet Architecture Accelerates Delivery of Industry-Leading Intel® FPGA Features and Capabilities

Sponsored by Intel

With each generation, packing millions of transistors onto shrinking dies gets more challenging. But we are continuing to change the game with advanced, targeted FPGAs for your needs. In this video, you’ll discover how Intel®’s chiplet-based approach to FPGAs delivers the latest capabilities faster than ever. Find out how we deliver on the promise of Moore’s law and push the boundaries with future innovations such as pathfinding options for chip-to-chip optical communication, exploring new ways to deliver better AI, and adopting UCIe standards in our next-generation FPGAs.

To learn more about chiplet architecture in Intel FPGA devices visit https://intel.ly/45B65Ij

featured paper

An Automated Method for Adding Resiliency to Mission-Critical SoC Designs

Sponsored by Synopsys

Adding safety measures to SoC designs in the form of radiation-hardened elements or redundancy is essential in making mission-critical applications in the A&D, cloud, automotive, robotics, medical, and IoT industries more resilient against random hardware failures that occur. This paper discusses the automated process of implementing the safety mechanisms/measures (SM) in the design to make them more resilient and analyze their effectiveness from design inception to the final product.

Click here to read more

featured chalk talk

Electrical Connectors for Hermetically Sealed Applications
Many hermetic chambers today require electrical pathways to provide internal equipment with power, data or signals, or to receive data and signals from equipment within the chamber. In this episode of Chalk Talk, Amelia Dalton and Brad Taras from Cinch Connectivity Solutions explore the role that seals and connectors play in the performance of hermetic chambers. They examine the methodologies to determine hermetic seal leaks, the benefits of epoxy hermetic seals, and how Cinch Connectivity’s epoxy-based seals and hermetic connectors can add value to your next design.
Aug 22, 2023