Solving security problems at IoT scale
KeyScaler™ is a purpose-built, device-identity-centric IAM platform for IoT and Blockchain. It allows customers to securely register, provision and connect devices to IoT platforms, applications and services. The platform simplifies the process of establishing a robust, end-to-end security architecture within the IoT and delivers efficiencies at scale through security automation, without human intervention.
With the enormous and dynamic scale of the IoT where new devices are continually being provisioned, this process rapidly becomes unmanageable without automation. The IoT demands an approach to identification that starts with individual devices – authenticated automatically and dynamically, with no manual intervention required.
KeyScaler™ is an innovative platform that delivers:
- Secure device registration and provisioning
- Policy-driven credential delivery and management
- End-to-End device derived cryptography for data in transit and at rest across networks and cloud services
Device Authority has developed a flexible device interface protocol that interoperates with KeyScaler for delivering automated PKI for IoT devices - providing two alternatives for device authentication.
KeyScaler has been designed for rapid integration and interoperability. Extensive REST API integration provides an abstracted interface to the security engine and system controls. The platform is well suited to Secure by Design architectures and follows a whitelisting approach for device registration.
Multiple functions – one platform
Security Suite for Microsoft Azure IoT - Enhanced security for Microsoft customers and partners to accelerate, optimize and leverage their investments in IoT deployments with connectors for Azure DPS, Azure IoT Hub, Microsoft Active Directory, Azure Event Hub data privacy and Windows credential manager.
Enhanced Platform Integration Connector - Flexible interface to integrate with ANY external platforms and services. Provides real-time notification of events that occur in KeyScaler.
Registration Controls - Automated device registration and authorization policies for headless onboarding of IoT devices at scale
Device Group Management – The ability to assign devices to groups and assign crypto and certificate provisioning policies at a group-level.
Automated Password Management - Automatically set and manage local account passwords on devices, and rotate as per policy with the ability to restrict access to device passwords for privileged individuals only
End-to-End Data Security – Granular, efficient policy-driven crypto that provides secure, end-to-end delivery and storage when using third party networks and cloud services.
Secure Soft Storage - To prevent theft of certificates and unauthorized usage, the agent stores the certificate and associated key pair in an encrypted state. Decryption is available only to authorized applications as defined in the policy on the KeyScaler server.
Hardware Security Module (HSM) Support - KeyScaler supports Thales and Gemalto Hardware Security Modules (HSMs) as a Root of Trust (ROT) to provide secure storage for KeyScaler system keys, secure execution and the private PKI root CA key.
Delegated Security Management (DSM) - Providing high assurance device authentication for IoT platforms, network and power efficiency, and simplified integration with KeyScaler
PKI Signature+ - Designed for low-power devices where Dynamic Device Key Generation (DDKG) is not suitable. It uses asymmetric key signatures with automated authentication key rotation policies to deliver strong device identity.
Development Tools - Client-side SDK and development libraries provide an easy integration method into new and existing applications. Server-side REST APIs make it simple to consume KeyScaler services.
IdenTrust CA Connector - Automated certificate provisioning and management for IoT devices with IdenTrust (part of HID Global) as Trusted CA.
Automated Certificate Management – Automated certificate provisioning and management for IoT devices.
Azure IoT Hub connector - A service connector that provides Shared Access Signature (SAS) tokens. KeyScaler authenticates to devices and delivers SAS tokens. Devices use SAS tokens to authenticate to Azure IoT Hub.
Amazon Web Services (AWS) IoT PKI Connector - A service connector that uses the AWS SDK to support certificate provisioning and revocation, as well as ‘thing’ creation and certificate assignment.
KeyScaler Management Extension for ThingWorx - Simplified integration between ThingWorx and KeyScaler for device identity management. Providing ThingWorx customers and SI partners with a ‘single pane of glass’ for management.
Always-On Agent with Token Authentication - A crypto agent for ThingWorx Always-On protocol provides transparent, policy-based encryption for device applications connected to ThingWorx. Also provides deployment of secure token authentication for any ThingWorx-enabled device application with no code changes.
Internal Private PKI - Customers can generate their own internal private root certificate authority and key, to enable provisioning of self-signed certificates to devices and the AWS IoT service.
Sectigo Connector - Automated certificate provisioning and management for IoT devices with Sectigo. Provides easy integration into Sectigo’s IoT Manager.
Users experience the following KeyScaler™ benefits:
- Protects organizations from espionage, process disruption, and theft of sensitive IP and data through the delivery of end-to-end data security – granular, efficient, policy-driven crypto that provides secure, end-to-end delivery and storage when using third party networks and cloud services.
- Removes risk of cyber attacks, such as the recent Mirai and BrickerBot incidents, executed by the exploitation of weak credentials. Through unique Automated Password Management technology, account passwords are automatically set and managed on devices, including automatically changing manufacturers' default passwords.
- Automates compliance through policies, minimizing costly manual intervention and managing risk for diverse industrial regulatory landscapes, including frameworks.
- Increased control and reduced total cost of ownership through the KeyScaler Internal Private PKI. Customers can generate their own internal private root certificate authority and key, to enable provisioning of self-signed certificates to devices and the AWS IoT service.
- Leverages existing investment through availability of Managed PKI Connectors.
- Protects customer organization's brand integrity and reputation through the prevention of certificate and key theft, cloning, impersonation and spoofing due to encrypted-state storage.
- Delivers significant cost savings and removes logistical challenges of large-scale device deployments with bulk provisioning, thereby removing the need for human intervention.
- Increases operational efficiency through automated user account password management. Manual overhead of password change management is removed and HR and IT security policies can be automatically implemented.
Device Authority directly addresses the universal challenge of securing devices and information within an increasingly connected world to ensure integrity, privacy and compliance.
Our innovative platform delivers same-day value – so get started now.