
  1. 602129929@qq.com
  2. PLCnext Technology & PLCnext Controls
  3. Wednesday, 18 March 2020

Hello Sir

 

We have a customer who cares about the TPM of PLCnext; however, we have little information about the PLCnext TPM architecture and principle, and what's more, how to implement it. Could you please explain it generally, or send us some related documents?

 

Looking forward to your reply. Thank you very much!

Martin PLCnext Team

Hello,

Here is some initial information:

The TPM (trusted platform module) is a microchip which is used to ensure the platform integrity of electronic devices.
It provides hardware-based security functions, and up to now we are using it as follows:
- Secure storage of device data like the default password, serial number, MAC, etc.
- The private key of the device identity, which is created during the production process, is bound to the TPM.

The device identity is needed, for instance, to establish a secure connection to the device when using PLCnext Engineer. It is also used to check whether the connected device is a real Phoenix Contact device.

Please let us know if you need more information.

~ Martin.

Phoenix Contact Electronics Headquarters - PLCnext Runtime Product Management and Support

602129929@qq.com

Hello Martin

Thank you for your information!

However, there are several topics we care about:

1. The general description of the architecture design of the PLCnext TPM: is it based on an FPGA, or done another way? Maybe like the attached picture shows.

2. About the TPM function: is it just something we claim to the customer, or is there a so-called third-party inspection agency certification to make the customer accept it?

3. For some primary users, how can we do a simple test, for example the same operation on PLCnext and on a classical PLC, to show the different effect with TPM and without TPM?

Just discussing; I'm sorry if this offended you.

 

Looking forward to your reply!

Attachments (2)
Martin PLCnext Team

Hello,

I will pass your questions on to the technical experts in this area, and let you know the result.

It's no problem, these are good questions!

Regards,

Martin.

Phoenix Contact Electronics Headquarters - PLCnext Runtime Product Management and Support

Martin PLCnext Team

Just a short update - one of our technical experts is currently putting together answers to these questions, and we expect to be able to post these answers some time next week.

~ Martin.

Phoenix Contact Electronics Headquarters - PLCnext Runtime Product Management and Support

Martin PLCnext Team

OK, here are some answers from our technical experts:

1. The general description of the architecture design of the PLCnext TPM: is it based on an FPGA, or done another way?

TPM is an additional chip which is connected to the FPGA. The TPM protects the Initial Device Identity ("IDevID") and the default password.
In the Certification Authentication WBM Page, the details of the IDevID certificate’s chain can be checked:

[Screenshot: the IDevID certificate chain of an AXCF252, as shown on the Certification Authentication WBM page]

Keys, certificates and individual default password are saved to the TPM during production and cannot subsequently be changed.
In IEC 62443, this data is called “Manufacturers roots of trust”, because this information is used to securely identify the device.
The device specific data is stored in the end entity certificate shown in the AXC F 2152 certificate.
Among other information, the serial number of the device is also provided securely.
This certificate is used to ensure that only trusted communication partners can communicate with the PLCnext device.

2. About the TPM function: is it just something we claim to the customer, or is there a so-called third-party inspection agency certification to make the customer accept it?

The certificates are generated with a PKI (public key infrastructure) and need to be stored securely to the device during production.
Managing a PKI requires specific processes and maintenance.
The development process of PLCnext is certified by TÜV-SÜD according to IEC 62443-4-1.
This certification covers the PKI handling and production process.

3. For some primary users, how can we do a simple test, for example the same operation on PLCnext and on a classical PLC, to show the different effect with TPM and without TPM?

The certificate chain is used by our engineering software (PLCnext Engineer) to prove that we are accessing a PxC device. It also protects communication between PLCnext Engineer and the PLC from tampering.
In the Application Program, programmers can use this information to check if they are running on a PLCnext Control device, or even on a specific device, by checking the serial number. The PLCnext Engineer function block SEC_VERIFY_DEVICE_IDENTITY offers a check of the Device Identity. In this way, it is possible to guarantee that the user program is executing on a specific device family, or even on one unique device.

[Screenshot: the SEC_VERIFY_DEVICE_IDENTITY function block in PLCnext Engineer]

====================

Please let us know if you have any other questions.

~ Martin.

Phoenix Contact Electronics Headquarters - PLCnext Runtime Product Management and Support
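The following Go program is an added example and is not code from Phoenix Contact, from PLCnext Engineer or from this thread. It models the two mechanisms the answer above describes for questions 1 and 3: during "production", a manufacturer PKI (root CA and issuing CA) signs a per-device end-entity certificate whose subject carries the device family and the device serial number; at run time, an application-side check, written here to mirror what a SEC_VERIFY_DEVICE_IDENTITY-style block has to decide, accepts the identity only when the presented certificate chains to the trusted manufacturer root and the family (and, optionally, the exact serial number) matches. The CA names, the family label, the serial number format and the use of plain software keys in place of a TPM-bound private key are all assumptions of the example; the inputs and outputs of the real function block are not reproduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DeviceChain holds a constructed IDevID chain: manufacturer root CA, issuing CA, device certificate.
type DeviceChain struct{ Root, Issuer, Device *x509.Certificate }

// template builds a certificate template with the given subject CN, CA flag and key usage.
func template(serial int64, cn string, isCA bool, ku x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		KeyUsage:              ku,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
}

// issue signs tpl for pub with the parent's private key and returns the parsed certificate.
func issue(tpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewDeviceChain simulates the production step: a manufacturer PKI is created and an IDevID
// is issued whose subject carries the device family (CN) and the serial number. On a real
// controller the device key is bound to the TPM; here all keys are software keys (assumption).
func NewDeviceChain(rootCN, family, serial string) (*DeviceChain, error) {
	var keys [3]*ecdsa.PrivateKey // root, issuer, device
	for i := range keys {
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	caUsage := x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	rootTpl := template(1, rootCN, true, caUsage)
	root, err := issue(rootTpl, rootTpl, &keys[0].PublicKey, keys[0]) // self-signed anchor
	if err != nil {
		return nil, err
	}
	issuer, err := issue(template(2, rootCN+" Device CA", true, caUsage), root, &keys[1].PublicKey, keys[0])
	if err != nil {
		return nil, err
	}
	devTpl := template(3, family, false, x509.KeyUsageDigitalSignature)
	devTpl.Subject.SerialNumber = serial // the device serial number travels in the subject
	device, err := issue(devTpl, issuer, &keys[2].PublicKey, keys[1])
	if err != nil {
		return nil, err
	}
	return &DeviceChain{Root: root, Issuer: issuer, Device: device}, nil
}

// VerifyDeviceIdentity performs the checks a SEC_VERIFY_DEVICE_IDENTITY-style block needs:
// the device certificate must chain to the trusted manufacturer root, its subject must name
// the expected family and, when wantSerial is non-empty, the serial number must match exactly.
// Only trustedRoot is a trust anchor; the issuing CA comes from the presented chain.
func VerifyDeviceIdentity(trustedRoot *x509.Certificate, chain *DeviceChain, wantFamily, wantSerial string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inters.AddCert(chain.Issuer)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := chain.Device.Verify(opts); err != nil {
		return fmt.Errorf("certificate does not chain to the trusted manufacturer root: %w", err)
	}
	if got := chain.Device.Subject.CommonName; got != wantFamily {
		return fmt.Errorf("device family %q, want %q", got, wantFamily)
	}
	if got := chain.Device.Subject.SerialNumber; wantSerial != "" && got != wantSerial {
		return fmt.Errorf("device serial %q, want %q", got, wantSerial)
	}
	return nil
}

func main() {
	// Constructed values: root name, family label and serial number are examples only.
	genuine, err := NewDeviceChain("Example Manufacturer Root", "AXC F 2152", "SN-TEST-0001")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine, family only :", VerifyDeviceIdentity(genuine.Root, genuine, "AXC F 2152", ""))
	fmt.Println("genuine, exact serial:", VerifyDeviceIdentity(genuine.Root, genuine, "AXC F 2152", "SN-TEST-0001"))
	// Same family and serial in the subject, but issued by a PKI the verifier does not trust.
	other, _ := NewDeviceChain("Unrelated Root", "AXC F 2152", "SN-TEST-0001")
	fmt.Println("untrusted PKI        :", VerifyDeviceIdentity(genuine.Root, other, "AXC F 2152", "SN-TEST-0001"))
}
```

Running it with `go run` prints `<nil>` for the two genuine checks and an unknown-authority error for the third. That third line is the point of question 3: a certificate can carry any family name and serial number in its subject, so a user program must not trust those values on their own; what proves the device is genuine is that the chain ends in the manufacturer root whose private keys never left the production PKI, and that the device's own private key, on a real controller, is bound to the TPM.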
