GlobalSign launches IoT Identity Platform addressing IoT device security requirements
GlobalSign’s IoT Identity Platform is a set of products and services flexible and scalable enough to issue and manage billions of identities for IoT devices of all types.
Using Public Key Infrastructure (PKI) as the identity mechanism, the IoT Identify Platform can serve the varied security use-cases of the IoT across all verticals, including manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare, other industrial ecosystems and more.
The Platform supports device identity lifecycle, from initial certificate provisioning (both greenfield and brownfield deployments) to lifetime maintenance through to final sunsetting, decommissioning or transfer of ownership.
Giving each device or endpoint a unique identity allows them to get authenticated when they come online and then throughout their lifetime, prove their integrity, and securely communicate with other devices, services and users.
The central feature of the Platform is IoT Edge Enroll, a full-fledged enrollment client used to provision and manage PKI-based identities to IoT devices of all types.
Providing these unique identities to all devices enables trust within the ecosystem, allowing for mutual authentication between devices and systems as well as protecting communications from eavesdropping or tampering.
IoT Edge Enroll provides a way to deploy these identities and maintain them throughout the full device lifecycle, with added features such as device Registration Authority (RA), certificate lifecycle management, and expanded protocol support.
The cloud-based IoT Identity Platform needs a way to communicate with end devices to deliver, validate and revoke identities, and IoT Edge Enroll acts as the enrollment mechanism.
GlobalSign can issue certificates at unprecedented speed and volume – more than 3,000 per second. There are three integration options and a combination of these can be used depending on a user’s environment.
- IoT Edge Enroll – Delivering a comprehensive enrollment client with enhanced features that include device RA, certificate lifecycle management and expanded protocol support.
- IoT CA Direct – Created for environments that only require a device identity issuance engine. In-house systems are able to communicate with GlobalSign’s services via a modern RESTful API, and handle device enrollment and lifecycle management.
- IoT CA Connect – Ideal for environments using a third-party device and identity management solution which handles device enrollment and lifecycle management. In addition, it enables developers to issue certificates to devices directly from their own platforms.
“The GlobalSign IoT Identity Platform greatly improves the process of identity lifecycle management, from enabling customers to use our highly scalable managed PKI solution as an identity issuing engine to full-fledged enrollment and flexible API integrations with other application and platforms,” said Lancen LaChance, Vice President, IoT Solutions, GlobalSign.
“The Platform meets a tremendous need in the marketplace as security is essential to IoT ecosystems, and is well-suited to low-cost IoT device implementations. Currently, we have a number of early adopter companies using the IoT Identity Platform with very positive results.”
By offering scalable certificate issuance and flexible API integrations, GlobalSign’s IoT Identity Platform offers the essentials of implementing PKI for IoT devices. Key features of the platform include:
- PKI-based, strong and unique device identities – Leverage standards-based PKI to authenticate and establish trust between devices and services, as well as encrypt and ensure the integrity of the source of all data transmitted within your ecosystem.
- Scalable – Secure RESTful APIs support high volume and throughput, capable of issuing millions of certificates per day and more than 3,000 certificates per second.
- Flexible – Support for complex PKI hierarchies, with dedicated intermediates and public or private trust, along with flexible certificate formats or extensions to accommodate virtually any ecosystem and industry.
- Interoperability – GlobalSign enables trust through the entire IoT stack, via partnerships on the device side with secure elements (e.g., TPMs, PUFs) and Secure MCUs, and on the cloud side with virtually every cloud platform provider (e.g., Arm Mbed Cloud platform, AWS IoT, Azure IoT Hub).
GlobalSign’s IoT Identity Platform is available today.