Security Platform Integration Services

The Security Platform Integration Services enable standard applications to use the Trusted Platform Module functionality. This is possible for applications supporting the Microsoft Crypto-API, Microsoft Cryptography Next Generation (CNG) API, or the PKCS #11 Crypto-API.

The following overview lists all available Integration Service components. Each entry gives the provider name, an explanation, the Crypto-API, and supported applications/services (examples).

Provider Name: Infineon TPM Cryptographic Provider (User CSP, without AES support)
Provider Name: Infineon TPM RSA and AES Cryptographic Provider (User CSP, including AES support. Not available under Windows 2000.)
Explanation: Used for User Certificates. User Authentication is required to use the certificate's private key. User Certificate's private key is migratable, i.e. it can be transferred to another Trusted Platform Module.
Crypto-API: Microsoft Crypto-API
Supported applications/services (examples):
  • File and folder encryption with EFS and PSD
  • Secure e-mail (S/MIME) with Outlook and Windows Mail/Outlook Express
  • SSL/TLS client authentication with Internet Explorer
  • Certificate enrollment via Microsoft certificate snap-in and via public Certification Authorities (CA) supporting Internet Explorer
  • Signed Macros in Microsoft Office
  • Checkpoint VPN utilizing Microsoft Crypto-API
  • Entrust client applications utilizing Microsoft Crypto-API
  • Adobe digital signature and Adobe file encryption
  • User authentication with EAP-TLS

Provider Name: Infineon TPM PKCS #11 Provider (also called "TPM Cryptoki Token")
Crypto-API: PKCS #11 Crypto-API
Supported applications/services (examples):
  • Secure e-mail (S/MIME) with Mozilla Thunderbird
  • SSL/TLS client authentication with Mozilla Firefox
  • Certificate enrollment via public Certification Authorities (CA) supporting Mozilla Firefox
  • Certificate enrollment via Sun Certificate Server based CA
  • Secure web access and remote access with RSA SecurID
  • Entrust client applications utilizing the PKCS #11 interface

Provider Name: Infineon TPM Strong Cryptographic Provider (without AES support)
Explanation: Used for User Certificates. User Authentication is required for each usage of the certificate's private key. User Certificate's private key is non-migratable, i.e. bound to the Trusted Platform Module.
Crypto-API: Microsoft Crypto-API
Supported applications/services (examples):
  • Especially intended for user authentication in a VPN.

Provider Name: Infineon TPM Platform Cryptographic Provider (Platform CSP)
Explanation: Used for Computer Certificates. No dedicated authorization required to use the certificate's private key, since Computer Certificate's private key is protected by Trusted Platform Module. Computer Certificate's private key is non-migratable, i.e. bound to the Trusted Platform Module. To use the Platform CSP, you must be an administrator or a member of the Administrators group.
Crypto-API: Microsoft Crypto-API
Supported applications/services (examples):
  • IEEE 802.11 EAP-TLS authentication between WLAN client and RADIUS server (in the TLS handshake phase), in an administered enterprise on the WLAN client side
  • IEEE 802.1X EAP-TLS authentication in wired LANs between client and RADIUS server (in the TLS handshake phase), in an administered enterprise on the client side
  • IPSec computer authentication on VPN client side

Provider Name: Infineon TPM Key Storage Provider (KSP)
Explanation: Restricted Key Storage Provider. Provides access to other Infineon TPM Cryptographic Service Providers only. Supports only signing and decryption operations, but not TPM RSA key pair creation.
Crypto-API: Microsoft Cryptography Next Generation (CNG) API
Supported applications/services (examples):
  • Microsoft .NET 3.0
  • For further examples, see other Cryptographic Service Providers.

For other supported applications, please contact your product support.


©Infineon Technologies AG