Solving security problems at IoT scale
KeyScaler® is a purpose-built, device-identity-centric IAM platform for IoT and Blockchain. It allows customers to securely register, provision and connect devices to IoT platforms, applications and services. The platform simplifies the process of establishing a robust, end-to-end security architecture within the IoT and delivers efficiencies at scale through security automation, without human intervention.
With the enormous and dynamic scale of the IoT where new devices are continually being provisioned, this process rapidly becomes unmanageable without automation. The IoT demands an approach to identification that starts with individual devices – authenticated automatically and dynamically, with no manual intervention required.
KeyScaler® is an innovative platform that delivers:
- Secure device registration and provisioning
- Policy-driven credential delivery and management
- End-to-end, device-derived cryptography for data in transit and at rest across networks and cloud services
Device Authority has developed a flexible device interface protocol that interoperates with KeyScaler® for delivering automated PKI for IoT devices - providing two alternatives for device authentication.
KeyScaler® has been designed for rapid integration and interoperability. Extensive REST API integration enables an abstracted interface for leveraging the security engine and system controls. The platform is highly suitable for Secure by Design architectures and follows the whitelisting approach for device registration.
Multiple functions – one platform
Security Suite for Microsoft Azure IoT - Enhanced security for Microsoft customers and partners to accelerate, optimize and leverage their investments in IoT deployments with connectors for Azure Sphere, Azure IoT Central, Azure IoT Hub, Azure Key Vault, Azure IoT Edge, Azure DPS, Microsoft Active Directory, Azure Event Hub data privacy, Active Directory Certificate Services and Windows credential manager.
Security Suite for PTC ThingWorx - Simplified integration between ThingWorx and KeyScaler offering data security, device authentication, management interface and device authorization.
Amazon Web Services (AWS) IoT PKI Connector - A service connector, utilizing the AWS SDK, that supports certificate provisioning and revocation as well as ‘thing’ creation and certificate assignment.
Enhanced Platform Integration Connector - Flexible interface to integrate with ANY external platforms and services. Provides real-time notification of events that occur in KeyScaler.
Automated Certificate Management - Automated certificate provisioning and management for IoT devices and gateways.
Internal Private PKI - Customers can generate their own internal private root certificate authority and key, to enable provisioning of self-signed certificates to devices and the AWS IoT service.
Secure Soft Storage - To prevent theft of certificates and unauthorized usage, the agent stores the certificate and associated key pair in an encrypted state. Decryption is available only to authorized applications as defined in the policy on the KeyScaler server.
End-to-End Data Security - Granular, efficient policy-driven crypto that provides secure, end-to-end delivery and storage when using third-party networks and cloud services.
Hardware Security Module (HSM) Support - KeyScaler supports nCipher Security and Thales/Gemalto Hardware Security Modules (HSMs) as a Root of Trust (RoT) to provide secure storage for KeyScaler system keys, secure execution and private PKI root CA key.
HSM Access Controller - Ability to manage a connected HSM using KeyScaler APIs for the purpose of key generation, data signing, data crypto, and general public key storage. Secure Data Repositories provide centralized encrypted data stores used to securely store data that can be transmitted to authorized entities.
PKI Signature+ - Designed for low-power devices, where Dynamic Device Key Generation (DDKG) is not suitable. It utilizes asymmetric key signatures with automated authentication key rotation policies to deliver strong device identity.
Automated Password Management - Automatically set and manage passwords on devices and rotate as per policy, with the ability to restrict access to privileged individuals only.
Development Tools - Client-side SDK and development libraries provide an easy integration method into new and existing applications. Server-side REST APIs make it simple to consume KeyScaler services.
Docker Support - Support for deploying KeyScaler services inside Docker Containers.
Registration Controls - Automated device registration and authorization policies for headless onboarding of IoT devices at scale.
Device Group Management - The ability to assign devices to groups and assign crypto and certificate provisioning policies at a group level.
Users experience the following KeyScaler® benefits:
- Protects organizations from espionage, process disruption, sensitive IP and data theft through the delivery of end-to-end data security – granular, efficient policy-driven crypto that provides secure, end-to-end delivery and storage when using third-party networks and cloud services.
- Removes risk of cyber attacks, such as the recent Mirai and BrickerBot incidents, executed by the exploitation of weak credentials. Through unique Automated Password Management technology, account passwords are automatically set and managed on devices, including automatically changing manufacturers' default passwords.
- Automates compliance through policies, minimizing costly manual intervention, and manages risk for diverse industrial regulatory landscapes, including frameworks.
- Increased control and reduced total cost of ownership through the KeyScaler Internal Private PKI. Customers can generate their own internal private root certificate authority and key, to enable provisioning of self-signed certificates to devices and the AWS IoT service.
- Leverages existing investment through availability of Managed PKI Connectors.
- Protects the customer organization's brand integrity and reputation through the prevention of certificate and key theft, cloning, impersonation and spoofing due to encrypted-state storage.
- Delivers significant cost savings and removes logistical challenges of large-scale device deployments with bulk provisioning, thereby removing the need for human intervention.
- Increases operational efficiency through automated user account password management. The manual overhead of password change management is removed, and HR and IT security policies can be automatically implemented.
Device Authority directly addresses the universal challenge of securing devices and information within an increasingly connected world to ensure integrity, privacy and compliance.
Our innovative platform delivers same day value – so get started now.