IoT Device to Cloud Authentication
A highly secure managed PKI solution covering IoT device authentication to public clouds.
IoT device authentication
There are many ways to authenticate IoT devices, i.e. pre-shared key, symmetric connection string, username & Password etc. Considering the ease of deploying IoT devices without compromising on security, Certificate-based (PKI) authentication would be the best practice for device authentication.
Our managed PKI solution ensures the connected IoT devices are authenticated and users can manage the life-cycle of digital identity of the IoT devices by their preference.
Compared to account/password login, certificate-based authentication is more secure and minimizes the risk of leakage of credentials.
Ease of provisioning
Certificates can be provisioned easily at the different stages of device manufacturing and the provisioning can be flexible to fit in IoT applications.
Managed PKI solution to handle all issued certificates through the full lifecycle of IoT devices.
Focus on your dedication
Simple SaaS MPKI solution allows users to focus on their own application development
The Challenge: The complexity of PKI technology and the maintenance
When designing the authentication of IoT devices in IoT applications, the tradeoff between security and convenience is always a debate. Especially when it requires significant investments, users are usually less informed about security and tend to compromise with security which can lead to disasters. PKI allows to give each object a unique identity avoiding the whole system to be compromised by an attack on a single device. However, implementing PKI can become very complex and costly.
The Solution: Managed PKI combined with a Secure device architecture
Our SaaS product, INeS CMS, is a “managed” PKI service that covers the PKI technologies, PKI infrastructures maintenance, digital identities management and continuous update. It reduces cost and complexity of implementing PKI technology into IoT applications. The combination of INeS MPKI with VaultIC Secure Elements provisioned using Vault-I-Trust services creates a unique vertical solution to easily and cost effectively implement secure Device-to-Cloud authentication across an IoT ecosystem.
Users can configure the issuing CA for a specific organization of INeS CMS. INeS CMS supports Role Based Access Control (RBAC) for the users and its authority to manage resources in the organization (Multi-tenancy).
INeS CMS supports the definition of certificate templates, the generation of standalone certificates or batch certificates, and the management of the issued certificates (i.e. monitor, revoke, re-key).
Public cloud integration
INeS CMS integrates with public cloud services like AWS IoT Core and Azure DPS/IoT hub. IoT devices can easily onboard to a public cloud by using the certificates issued by INeS CMS for device attestation.
Open interfaces support
RESTful APIs and EST enrolment are available for automating the certificate enrolment process and managing the life-cycle of devices.
Client library support
Client library and sample code are supported in different programming languages.
Secure Storage & Provisionning
Private keys can be provisioned and stored securely in VaultIC secure elements
They trust us
IoT Device to Cloud Authentication
In this paper we address a complex fundamental component of securing IoT: how to give devices and services secure identities so they can interact securely.