STMicroelectronics Achieves FIPS 140-3 Certification for STSAFE-TPM Trusted Platform Modules

STMicroelectronics has introduced a lineup of TPMs that have successfully achieved the FIPS 140-3 certification. These include the following models:

• ST33KTPM2X
• ST33KTPM2XSPI
• ST33KTPM2XI2C
• ST33KTPM2I
• ST33KTPM2A

These TPMs provide robust cryptographic asset protection, making them suitable for high-security environments such as PCs, servers, IoT devices, and industrial systems. Whether integrated into automotive systems, medical devices, or critical infrastructure, these modules ensure compliance with the latest security regulations and standards.

FIPS 140-3 Certification: The Latest in Cryptographic Standards

FIPS 140-3 is the most recent iteration of the federal information processing standards for cryptographic modules. It represents a significant advancement over the earlier FIPS 140-2 standard, introducing stronger encryption algorithms, enhanced physical security features, and more rigorous testing protocols.

Laurent Degauque, Marketing Director of Connected Security at STMicroelectronics, emphasized the importance of this certification by stating, “All FIPS 140-2 certificates are scheduled to expire in September 2026. By achieving FIPS 140-3, our TPMs are uniquely ready for new designs and let customers create secure, interoperable equipment with extended product and certification lifetimes.”

Use Cases and Applications of STSAFE-TPM Devices

The certified STSAFE-TPM devices are designed to support a variety of high-security use cases. Key applications include:

• Secure Boot: Ensures that systems only boot trusted software, protecting against unauthorized modifications.
• Remote and Anonymous Attestation: Provides the ability to verify the integrity of remote devices without revealing sensitive data.
• Secure Storage: With an extended user memory of 200kBytes, these TPMs ensure safe storage of critical cryptographic keys and other sensitive information.

Meeting Industry Security Standards

STMicroelectronics’ TPMs are compliant with multiple industry-leading security standards, making them a versatile solution for various sectors. Key certifications and standards include:

• Trusted Computing Group TPM 2.0: A crucial standard for trusted platform modules that ensures interoperability and security.
• Common Criteria EAL4+: This certification includes the most stringent vulnerability analysis (AVA_VAN.5), ensuring that these TPMs have passed rigorous testing against potential attacks.
• FIPS 140-3 Level 1 and Physical Security Level 3: These TPMs provide robust physical security features to safeguard against tampering and physical intrusion attempts.

Enhanced Cryptographic Services for Cutting-Edge Security

The STSAFE-TPM devices offer a wide range of cryptographic services to meet the needs of modern digital environments. These include:

• Elliptic Curve Digital Signature Algorithm (ECDSA) & Elliptic Curve Diffie-Hellman (ECDH) with key sizes up to 384 bits
• RSA encryption with key sizes up to 4096 bits, including key generation
• Advanced Encryption Standard (AES) with key sizes up to 256 bits
• Secure Hash Algorithms (SHA1, SHA2, and SHA3)

These cryptographic services, standardized by the Trusted Computing Group (TCG), provide the tools needed to secure sensitive data and maintain compliance with FIPS 140-3 standards.

PQC: Preparing for Post-Quantum Cryptography

In addition to these advanced cryptographic services, STMicroelectronics’ TPMs also support secure firmware updates. This functionality ensures that new cryptographic algorithms, such as Post-Quantum Cryptography (PQC), can be added in the future. As quantum computing technology continues to evolve, the ability to update cryptographic algorithms will be crucial in maintaining state-of-the-art cryptographic protection.

ST33KTPM2I: Tailored for Industrial Systems

Among the newly certified devices, the ST33KTPM2I stands out for its suitability in long-lifetime industrial systems. Designed for robust performance in harsh environments, this model is ideal for use in critical infrastructure and industrial IoT applications where reliability and security are paramount.

ST33KTPM2A: Automotive-Ready Security

The ST33KTPM2A, marketed under the name STSAFE-V100-TPM, leverages an AEC-Q100 qualified hardware platform, making it an ideal choice for automotive integration. As the automotive industry moves toward connected and autonomous vehicles, the need for secure communication and data protection becomes even more crucial. This TPM ensures compliance with the stringent security requirements of the automotive sector, providing a trusted solution for securing in-vehicle systems.

Key Advantages of STSAFE-TPM Devices

1. Extended Product Lifetimes: The FIPS 140-3 certification guarantees that these TPMs will remain compliant with security standards for years to come, allowing customers to build products with long lifecycles.
2. Reduced Time to Market: With STMicroelectronics offering provisioning services to load device keys and certificates, customers can significantly reduce the time required to bring secure products to market.
3. Supply Chain Security: By ensuring the security of the supply chain, STMicroelectronics’ provisioning services also help protect against potential vulnerabilities introduced during the manufacturing process.

Provisioning Services for Enhanced Security

STMicroelectronics goes beyond providing TPMs by offering comprehensive provisioning services. These services include the loading of device keys and certificates during manufacturing, reducing the total solution cost and accelerating the time-to-market for new products. This ensures that the cryptographic elements of a product are securely installed, safeguarding the entire supply chain from potential vulnerabilities.

Future-Proofing with Secure Firmware Updates

As mentioned earlier, one of the standout features of STSAFE-TPM devices is their ability to receive secure firmware updates. This allows for the seamless integration of new cryptographic algorithms and security features as they become available, ensuring that the devices remain secure and up-to-date over the long term. Whether it’s adding PQC support or introducing new encryption methods, these updates guarantee that your systems will be protected against emerging threats.

Conclusion: A New Era in Cryptographic Security

STMicroelectronics’ achievement of FIPS 140-3 certification for its STSAFE-TPM trusted platform modules marks a significant milestone in cryptographic security. With applications ranging from IoT devices to automotive systems and industrial infrastructure, these TPMs offer the robust protection needed to meet the evolving security landscape. Through their compliance with multiple industry standards, support for advanced cryptographic services, and ability to future-proof through secure firmware updates, these devices provide a versatile, secure, and reliable solution for modern critical information systems.

FAQs

1. What is FIPS 140-3 certification? FIPS 140-3 is the latest version of the federal information processing standards for cryptographic modules, ensuring robust security features for digital systems.
2. Which industries can benefit from STSAFE-TPM devices? These TPMs are used in various industries, including automotive, IoT, industrial systems, and medical devices, providing essential cryptographic protection.
3. What cryptographic services do these TPMs offer? The STSAFE-TPM devices offer ECDSA, ECDH, RSA encryption, AES, and secure hash algorithms (SHA1, SHA2, and SHA3), meeting modern cryptographic standards.
4. What makes the ST33KTPM2A unique for automotive use? The ST33KTPM2A, also known as STSAFE-V100-TPM, is built on an AEC-Q100 qualified hardware platform, ensuring it meets the stringent requirements of automotive systems.
5. How does STMicroelectronics ensure the security of the supply chain? Through their provisioning services, STMicroelectronics securely loads device keys and certificates during manufacturing, safeguarding the entire supply chain.