Protecting IoT applications and data
The initial onboarding and provisioning of IoT devices must be secured and controlled to protect the integrity of IoT applications and the data they are processing. Device Authority’s Dynamic Device Key Generation (DDKG) technology allows organizations to create device “whitelists” that lock down the device registration and provisioning process to known-good hardware, ensuring that only authorized devices can register with the system.
Traditionally, the security surrounding this process has leveraged keys that are injected into devices as part of the manufacturing process. Using the KeyScaler PKI Signature+ method, manufacturer-provisioned public keys can be used to define the whitelists that lock down the device registration process. Following successful registration, the key is rotated to increase the security of the device and help detect and prevent device cloning.
KeyScaler provides policy-driven registration controls to enable secure, automated onboarding and provisioning of devices at IoT scale. Registration control records can be pre-established in the system to support “headless” onboarding of devices in the field without requiring administrative access to manually register, authorize and provision devices with data security policies, keys and credentials, such as PKI certificates.
Registration control records can be specifically tailored for individual customer environments and device deployments and can be managed and monitored through the KeyScaler Control Panel or established through KeyScaler API services. Registration control provides the initial trust anchor for authorizing the device with the IoT application.
Our patented dynamic device key generation process provides definitive hardware-level device identification while producing unique, one-time-use authentication and encryption keys for each communication session. This device-based trust anchor forms a security foundation for the critical functions operating across the IoT environment. Increasingly, our technology is helping to solve key business issues by providing revenue leakage protection. The ability to count the number of devices being deployed is critical, and our KeyScaler platform can solve this.
Providing value to Intel® Secure Device Onboard (Intel® SDO)
Device Authority is also involved in Intel® Secure Device Onboard (Intel® SDO), where "headless" devices can be powered on to locate and automatically onboard to IoT management platforms. In this model, Device Authority will receive the anonymous device registration and Intel EPID hardware identity and begin to manage the operational authentication lifecycle for the device. Together this forms a continuous hardware-enforced trust anchor from activation to operation.
The combination of EPID hardware identity and Device Authority dynamic key technologies provides ongoing end-to-end operational security for IoT devices, enabling policy-driven access control and data protection for IoT applications and services. Download our solution brief for more information.