Infineon's Matter-certified security IC
Matter was announced as "Matter 1.0" on October 4, 2022, and the latest version, "Matter 1.3", was released on May 8, 2024. Matter products are coming to the market one after another, but Matter-compatible products must have Matter certificates (DAC, PAI certificates, etc.) written into them. The authenticity of these certificates is guaranteed by the root certificate authority approved by the Connectivity Standards Alliance (CSA), which formulates Matter, and therefore manufacturers who create Matter products must prepare a root certificate authority (and intermediate certificate authority).
Infineon's OPTIGA™ Trust M MTR is a solution that combines a security-specialized IC (secure element) with the certificate issuance service of Kudelski IoT, a CSA-approved root certificate authority, to help customers release Matter products to the market easily and quickly.
First of all, what is a Matter certificate?
Matter products are added to the Matter fabric (the network through which Matter products communicate with each other) using a smartphone or other device.
This process is called commissioning; the device adding a Matter product to the Matter fabric is called the commissioner, and the Matter product being added is called the commissionee.
Matter authentication uses a PKI (Public Key Infrastructure) mechanism, and the following data stored in the Matter product is used during commissioning:
- CD (Certification Declaration)
- DAC (Device Attestation Certificate)
- PAI Certificate
- Private key
The trust of the DAC is guaranteed by the CSA-approved PAA (Product Attestation Authority: root certificate authority) and the PAI (Product Attestation Intermediate: intermediate certificate authority), through the DAC → PAI → PAA certificate chain.
Matter certification process
The benefits the product provides to users
OPTIGA™ Trust M MTR Perspective
- The private key that pairs with the public key included in the DAC is stored securely with excellent tamper resistance.
- Common Criteria (CC) EAL6+ certified hardware
- Can be externally attached to MCU/SoC via I2C
Kudelski IoT Perspective
- Eliminates the hassle of searching for a CSA-certified certificate authority
- In addition to the PAA, PAI functions (up to 5) can also be provided, and Kudelski IoT can provide complete support up to DAC issuance.
- The PID written to the DAC can be changed up until just before mass production, making it compatible with multiple end products.
- Dashboard information provided by Kudelski IoT can be shared among multiple companies (OEMs can obtain certificates directly)
How to incorporate Matter certification into your product
- First, the customer signs an NDA with Kudelski IoT and purchases the OPTIGA™ Trust M MTR from Infineon.
- The QR code attached to the OPTIGA™ Trust M MTR reel is read to link the chip information to the customer's account on the Kudelski IoT portal.
- On the Kudelski IoT portal, create a DAC that includes the VID and PID obtained by the customer, and download it.
- Store the downloaded DAC and PAI certificates in the OPTIGA™ Trust M MTR and implement it in your product.
Overview of OPTIGA™ Trust M MTR
- Package: USON-10
- Size: 3×3mm
- Interface: I2C
- Memory: Up to 10kB of user memory
- Temperature range: -25 to +85°C
- Encryption algorithm: (Up to) ECC-512, RSA-2k, AES-256, SHA256
- Delivery form: Reel (4K MOQ)
Evaluation kit
The shield (left) equipped with the OPTIGA™ Trust M MTR can be connected to the PSoC™ 62S2 Wi-Fi BT Pioneer Kit (right) using an adapter (center) for evaluation.
(You can use the sample DAC provided by Kudelski IoT free of charge.)
Software
The host code for Infineon's OPTIGA™ Trust M series, including the OPTIGA™ Trust M MTR, is provided on GitHub.