Securing the Internet of Things
Root of Trust and Technology platform for IoT
Technology makes it possible to connect people to machines and machines to machines, in order to:
- create new opportunities to improve people’s lives;
- optimize processes and resources;
- reduce risk to end users;
- improve the end-user experience;
- create or improve businesses.
This can only happen if data can be trusted.
WISeKey provides an end-to-end scalable security framework, to be integrated into IoT platforms and objects, based on PKI technology to protect data at rest or in transit.
WISeKey is a provider of trusted cryptographic root keys and security solutions, and offers products and services to distribute, use and manage digital certificates and associated secure assets.
WISeKey proposes and recommends the use of secure hardware (tamper-resistant chips) in all IoT devices to avoid creating a weak link (hacker entry point) in the IoT network infrastructure.
WISeKey Unique Root of Trust Model
A Root of Trust (RoT) is the basis for a global end-to-end security solution. A RoT serves as a common trust anchor, which is recognized by the operating system (OS) and applications, and ensures the authenticity, confidentiality and integrity of on-line transactions. With the cryptographic RoT embedded in the device, the IoT product manufacturers can use PKI (Public Key Infrastructure) technologies to secure interaction among objects and between objects and people.
WISeKey is uniquely positioned to offer… a consistent security system from the RoT to the back office. WISeKey is the trusted operator of the International Organization for the Security of Electronic Transaction (OISTE) Global Root. The OISTE Foundation is working with the United Nations and many international organizations in this area. Swiss neutrality, security, and privacy laws allow operations without geo-political or governmental constraints. The WISeKey RoT is the only one available outside NATO, and it is located in a military-grade bunker in the Swiss Alps.
Based on Trusted Root Keys, WISeKey can be the Certificate Authority (C.A.) generating digital certificates for your application.
Use of Digital Certificates
The digital certificate and associated cryptographic assets are used to identify and authenticate devices during their entire life. Only trusted devices can connect to secure networks.
Digital certificates, for instance SSL certificates, can also be used to secure communication channels from devices to gateways/routers, and from gateways/routers to servers.
WISeKey also offers solutions to control the device’s firmware integrity at the initial stage (bootloader) and during upgrades in the field.
Certificate Management System
The WISeKey Certificate Management System (CMS) is a software tool with a user-friendly interface for managing the life cycle of subscribers and their digital certificates.
The optional security broker authenticates and validates the messages coming from the different IoT devices and transfers only trusted messages to the customer's IoT platform. The WISeTrust IoT framework can be easily integrated into the customer's IoT platform, as the customer does not need to implement additional security mechanisms.
The WISeKey CMS also includes secure provisioning solutions to help maintain consistently high system security, even when the IoT device is in an unsecured environment (contract manufacturers, in the field). Device configuration and firmware upgrades are made easy and secure at any time.
WISeKey CMS can be installed on customer premises, but for those not willing to deploy their own infrastructure, WISeKey can provide trusted services from any of its local secure datacenters in Switzerland, USA, India or China. The managed platform can be accessed through a browser and a web-service API.
The WISeKey Certificate Management System is also compatible with third-party C.A.s based on Microsoft or the Enterprise Java Beans Certificate Authority (EJBCA) open source C.A.
It’s mandatory to protect the data when the devices are in operation, but it is as important to protect the devices and related data when the devices are being manufactured or in maintenance.
The WISeKey Provisioning solution makes it possible to securely inject security assets, perform device configuration, and upgrade software while the devices are being manufactured or are in the field running in a non-secure environment.
Secure Chip - VaultIC
VaultIC is a product family of tamper resistant chips to be used as a companion chip to the IoT-device host processor. VaultIC embeds configurable cryptographic tool boxes for Authentication, Confidentiality and Integrity executed in a secure environment as well as on-chip tamper resistant data storage capabilities (NVM) for keys, certificates and customer data.
The VaultIC low-power consumption profile makes it a viable solution to meet the limited power budgets of the embedded IoT nodes.
VaultIC comes with middleware including secure boot, secure firmware update for IoT devices and a secure communication (SSL/TLS) stack.
The use of secure hardware is recommended to avoid creating a weak link (entry point) in the IoT network infrastructure.
Summary data sheets
VaultIC offers the best digital security, guaranteed by independent certifications:
- FIPS 140-2 Level 3
- Based on state-of-the-art secure microcontrollers certified to Common Criteria EAL4+/5+
- WebTrust seal for CMS platform (annual audit by third party)