banner product

WISeKeyIoT a solution for securing IoT

The WISeKeyIoT Certificate Management System (CMS) is a software tool with a user-friendly interface and easy-to-integrate API that manages the life-cycle of devices and their digital certificates. These certificates are signed by WISeKey’s Certificate Authority and optionally the OISTE Root of Trust.

The optional security broker performs the authentication and validation of the messages coming from the different IoT devices and transfers only trusted messages to the IoT platform of our customer. The WISeKeyIoT  framework can easily be integrated into an IoT platform by our customers and no additional security mechanisms need to be implemented.

The WISeKeyIoT framework also includes secure provisioning solutions to help maintain consistent high system security, even when the IoT device is in an unsecured environment (e.g. during production or in the field). Device configuration and firmware upgrades are made easy and secure at all times.

WISeKeyIoT CMS can be installed on customer premises, or outsourced to WISeKey and located in one of our secure data centers in Switzerland, USA, India or China. The managed platform can be accesses through a browser and a web-service API. The CMS and the framework are compatible with third party Certificate Authorities (CA), such as the Microsoft PKI or the Enterprise Java Beans Certificate Authority (EJCBA) open source CA.

root-of-key

wisekey-iot Key Points:

  • PKI based security, Swiss Root of Trust
  • Software solution; optional use of tamper resistant chip
  • Easy integration in IoT platform, and in devices
  • Cost effective solution
  • Security for device in operation and for provisioning
  • Certified security
  • WISeKey solid trusted partner

WISeKey Unique Root of Trust Model

A Root of Trust (RoT) is the basis for a global end-to-end security solution. A RoT serves as a common trust anchor, which is recognized by the operating system (OS) and applications, to ensure the authenticity, confidentiality and integrity of on-line transactions. With the certificates signed by this cryptographic RoT, embedded in the device, the IoT product manufacturers can use PKI (Public Key Infrastructure) technologies to secure interaction among objects and between objects and people.

WISeKey is the trusted operator of the International Organization for the Security of Electronic Transaction (OISTE) Global Root, which is widely distributed in commonly used software.

The OISTE Foundation is working with the United Nations and International Organizations. Swiss neutrality, security, and privacy laws allow operations without geo-political or governmental constraints. It Root of Trust is set in a military grade bunker located in the Swiss Alps.

IoT-Oiste-02

Certificate Authority

Based on Trusted Root Keys, WISeKey can be the Certificate Authority (C.A.) generating digital certificates for your application.

Use of Digital Certificates

The digital certificate and associated cryptographic assets are used to identify and authenticate devices during their entire life. Only trusted devices can connect to secure networks.

Digital certificates, for instance SSL certificates, can also be used to secure communication channels from devices to gateways/routers, and from gateways/routers to servers.

WISeKey also offers solutions to control the device’s firmware integrity at initial stage (bootloader) and during upgrades in the field.

Certificate Management System

The WISeKey Certificate Management System (CMS) is a software tool with user friendly interface that allows to manage the life-cycle of subscribers and their digital certificates.

The optional security broker allows to authenticate and validate the messages coming from the different IoT devices and transfer only trusted messages to the IoT platform of our customer. The WISeTrust IoT framework can be easily integrated into customer IoT platform as the customer does not need to implement additional security mechanisms.

The WISeKey CMS also includes secure provisioning solutions to help maintain a consistent high system security, even when the IoT device is in an unsecured environment (contract manufacturers, in the field). Devices configuration and firmware upgrades are made easy and secure at any time.

WISeKey CMS can be installed in customer premises, bur for the ones not willing to deploy their own infrastructure, WISeKey can provide trusted services from any of its local secure datacenters in Switzerland, USA, India or China. The managed platform can be accesses through a browser and a web-service API.

WISeKey Certificate Management System is also compatible with third party C.A. based on Microsoft or Enterprise Java Beans Certificate Authority (EJCBA) open source C.A.

Provisioning

It’s mandatory to protect the data when the devices are in operation, but it is as important to protect the devices and related data when the devices are being manufactured or in maintenance.

WISeKey Provisioning solution allows to securely inject security assets, perform device configuration, upgrade software when the devices are being manufactured or in the field running in a non-secure environment.

Secure Element: VaultIC

VaultIC is a product family, ranging from tamper-resistant Integrated Circuits to software vaults, to be used as a companion to the IoT-device host processor. VaultIC chips feature a configurable cryptographic tool box for authentication, confidentiality and integrity, executed in a secure environment. VaultIC embeds on-chip non-volatile tamper resistant data storage capabilities for keys, certificates and customer data.

The VaultIC chips’ low-power consumption profile make them a viable solution to meet the limited power budgets of IoT devices. VaultIC comes with middleware enabling secure boot, secure firmware update for IoT devices secure communication (SSL/TLS).

vaulic-chip

Summary data sheets

VaultIC 182

VaultIC182 is a Secure microcontroller solution designed to secure various types of systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection.

The proven technology used in VaultIC182 security modules is already widespread and used in national ID/health cards, e-passports, bank cards (storing user Personal Identification Number, account numbers and authentication keys among others), pay-TV access control and cell phone SIM cards (allowing the storage of subscribers’ unique ID, PIN code, and authentication to the network), where cloning must definitely be prevented.
Read More about WISeKey’ solution by downloading VaultIC 182

vaulic-182

VaultIC405

The VaultIC405 is an ASSP designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection.
Read More about WISeKey’ solution by downloading VaultIC405

vaulic-405

Security Certifications

The VaultIC offer the best digital security guaranteed by independent certifications:

  • FIPS 140-2 Level 3
  • Based on state of the art secure microcontrollers certified to Common Criteria EAL4+/5+
  • WebTrust seal for CMS platform (annual audit by third party)

security-cert