An off-the-shelf secure authentication IC combined with cloud-based security software-as-a-service (SaaS) claims to manage and update embedded security credentials in the field instead of being limited to a static certificate chain implemented during manufacturing.
Microchip’s ECC608 TrustMANAGER authentication ICs are paired with Kudelski IoT’s keySTREAM device-to-cloud solution for securing key assets end-to-end in an IoT ecosystem throughout a product’s lifecycle. The combo enables custom cryptographic credentials to be accurately provisioned at the endpoint without requiring supply chain customization and can be managed by the end user.
Figure 1 Here is how a security silicon component (left) works with IoT cloud software for in-field provisioning. Source: Microchip
ECC608 TrustMANAGER, a secure authentication IC designed to store and protect cryptographic keys and certificates, is managed by the keySTREAM SaaS. Their combination allows end users to set up a self-serve root Certificate Authority (root CA). Next, the associated public key infrastructure (PKI) secured by Kudelski IoT creates and manages a dynamic certificate chain and provisions devices in the field the first time they are connected.
Once claimed in the SaaS account, the IoT devices are automatically activated in the user’s keySTREAM service via in-field provisioning. In other words, security ICs like ECC608 TrustMANAGER come with a pre-provisioned set of keys that will be controlled by keySTREAM at the time the IoT device connects for the first time.
The operation—called in-field provisioning of the PKI— happens in-field, and after in-field provisioning, the fleet of devices containing the ECC608 TrustMANAGER is first claimed and then activated in the user’s keySTREAM account.
An IoT device is “claimed” when the purchased batch of security ICs shows up in the keySTREAM account but not connected yet. It’s “activated” when the purchased batch of security ICs is connected to keySTREAM and the in-field provisioning takes place.
Figure 2 Specialized authentication semiconductors tie up with IoT security services for reliable cybersecurity on embedded systems. Source: Microchip
It’s a pivotal moment in the industry’s quest to secure the IoT landscape and make provisioning easier. Especially when the volume of connected devices rapidly increases, and security standards and regulations steadily tighten.
Moreover, security standards and upcoming regulations increasingly require the upgradability of security infrastructure for IoT devices. This poses a dilemma for traditionally static IoT security implementations, which require physical upgrades like changing out the security ICs in each device to stay in compliance.
The combo of silicon components and key management SaaS automates provisioning and facilitates easy device ownership management without changing hardware. It also streamlines the supply chain processes for distribution partners.
Related Content
- Best practice for end-to-end IoT security
- Practical steps to security for IoT devices
- Navigating IoT security in a connected world
- Legal requirements for IoT security start to emerge
- Hardware-Based Design Approach for Smart-Home IoT Security
<!–
VIDEO AD
–>
<!–
div-gpt-ad-inread
–>
googletag.cmd.push(function() { googletag.display(‘div-gpt-ad-inread’); });
googletag.cmd.push(function() { googletag.display(‘div-gpt-ad-native’); });
–>
The post Authentication IC ties up with IoT SaaS for in-field provisioning appeared first on EDN.
