Device Attestation for Matter
Integrating a Matter Digital Attestation Certificate (DAC) into your device is fast and easy with INeS platform
Device Attestion Certificate for Matter Standard
Our managed PKI, INeS, enables companies to get scalable access to Device Attestation Certificates, letting them join the Matter ecosystem with confidence and ease. SEALSQ can also be your strategic security partner throughout your entire product lifecycle.
Device Attestation Certificates (DACs) issued from trusted PKI roots provide encryption, identity, and authentication to devices.
Local connection over Wi-Fi or over Thread enables security and consistent interactivity, even when cloud access isn’t possible.
Native communication and operation between any Matter-compliant device and any hub from any manufacturer.
Easy to buy, easy to set up PKI, easy to generate and deploy certificates.
The Challenge: The complexity of creating and maintaining a PAA
All Matter devices are required to use an attestation keypair and an X.509 certificate signed by a Trusted Certificate Authority (CA) called also Product Attestation Authority (PAA). That means the first step in obtaining Matter compliance—and shipping Matter-certified devices—is to obtain a Matter-trusted device attestation certificate for each device. Becoming a trusted PAA is no small task.
The Solution: INeS SaaS Platform to deliver Matter DACs
WISeKey, is an approved Product Attestation Authority (PAA) for Matter, the standard developed by the Connectivity Standard Alliance (CSA) for delivering seamless interoperability and a common security framework to devices. As a subsidiary of WISeKey, SEALSQ can provide CSA members with the Product Attestation Intermediate (PAI) and Device Attestation Certificates (DACs) required to be Matter compliant. SEALSQ’s Managed PKI solution INeS provides the convenient interface and tools in SaaS mode to operate your PAIs in an easy and efficient way.
SEALSQ’s market-ready chain of trust
A Product Attestation Intermediate, chaining up to SEALSQ/Wisekey’s approved and trusted root for Matter.
Device Attestation Certificate issuance with INeS, with flexible features such as batch enrollment, manufacturing centric workflows.
Public cloud integration
INeS CMS integrates with public cloud services like AWS IoT Core and Azure DPS/IoT hub. IoT devices can easily onboard to a public cloud by using the certificates issued by INeS CMS for device attestation.
Open interfaces support
RESTful APIs and EST enrolment are available for automating the certificate enrolment process and managing the life-cycle of devices.
Client library support
Client library and sample code are supported in different programming languages.
Secure Storage & Provisionning
Private keys can be provisioned and stored securely in Vault IC secure elements
IoT Device to Cloud Authentication
In this paper we address a complex fundamental component of securing IoT: how to give devices and services secure identities so they can interact securely.