A device's birth certificate is essential for seamless integration, security, and efficient communication. Implementing standardized protocols and cryptographic measures ensures a reliable digital identity for every connected object. This unique identifier fosters trust, accountability, and streamlined management within the interconnected world of IIoT.
Birth certificate: Why is such an "ID card" so important?
Once there is a secure hardware location capable of storing secrets and performing cryptographic operations, the question of the unique, forgery-proof ID card of the IoT device can be addressed.
But why is such an ID card so important? Well, because it will do two things:
- Ensure that a device is authentic and not a forged clone.
- Ensure that the data exchanged (between the device and the cloud, for example) is authentic and comes from the device concerned.
A digital identity for an IoT product is similar to a birth certificate for a human. In fact, the term "birth certificate" is also used in the IoT world.
A birth certificate mentions a person's name, parents, gender and date of birth. It is certified by an administration recognized by all (usually a public administration).
The birth certificate of a connected object will mention its serial number and will be certified (signed) by the manufacturer, which acts as a certification authority ("CA": a trusted authority that ensures the digital identity is actually linked to the device).
The public-private cryptographic key pair at the heart of cyber security
When we talk about certificates, private data and signatures, we immediately think of cryptographic systems based on asymmetric keys.
The birth certificate of a connected object is based on a public-private cryptographic key pair that is unique to the IoT device. The private key does not leave the device. It is used whenever the device needs to prove its identity or sign data.
When a device connects to the cloud, the cloud checks that:
- The object's certificate is valid (that the certificate signature is valid).
- The object is in possession of the matching private key, since that key embodies the identity of the IoT device.
When these two conditions are verified, the connected object is authorized to exchange data with the cloud. As always, protecting the private key is at the heart of security. It must be protected at all costs, to prevent the device from being impersonated.
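As an added illustration of the two checks above, the following Go program (example code written for this page, not Ewon's or the Cosy+ firmware) plays all three roles: a manufacturer CA that issues a device birth certificate, a device that proves possession of its private key by signing a challenge, and a cloud that validates the certificate chain and the signature. The CA name and the serial number SN-0001-EXAMPLE are constructed placeholders; on real hardware the signing step would run inside the Secure Element rather than in software.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type manufacturerCA struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// newCA creates the manufacturer's self-signed root; it is the trust anchor the cloud holds.
func newCA(name string) (*manufacturerCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &manufacturerCA{key: key, cert: cert}, err
}

// issue signs a device birth certificate binding the serial number to the device public key; only the public key reaches the CA.
func (c *manufacturerCA) issue(serial string, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: serial},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(20 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, pub, c.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// signChallenge is the device side of proof of possession: the private key (the Secure Element on real hardware) signs the cloud's nonce.
func signChallenge(key *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// authenticate is the cloud side: check 1 chains the certificate to the manufacturer root, check 2 verifies the nonce signature under the certified key.
func authenticate(root, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("certificate check failed: %w", err)
	}
	digest := sha256.Sum256(nonce)
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("proof of possession failed for %q", cert.Subject.CommonName)
	}
	return cert.Subject.CommonName, nil
}

// onboard runs one connection attempt: fresh nonce from the cloud, device signature, then both checks.
func onboard(root, cert *x509.Certificate, key *ecdsa.PrivateKey) (string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sig, err := signChallenge(key, nonce)
	if err != nil {
		return "", err
	}
	return authenticate(root, cert, nonce, sig)
}

func main() {
	maker, _ := newCA("Example Manufacturer Device CA") // hypothetical CA name
	devKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	devCert, _ := maker.issue("SN-0001-EXAMPLE", &devKey.PublicKey) // constructed serial
	fmt.Println(onboard(maker.cert, devCert, devKey))
}
```

Running it prints the accepted serial. A clone that copies the (public) certificate but holds a different private key fails the second check, and a certificate for the same serial issued by a CA the cloud does not trust fails the first; those two rejections are exactly what the two checks in the text exist to produce.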
Ewon implements advanced security best practices
In Ewon's case, this private key is stored in the Secure Element of the Cosy+ remote access gateway, an ultra-secure and shielded hardware location. The use of this Secure Element is considered a very advanced security measure, which clearly distinguishes Ewon's solution from all others. This is why we are certain that the Ewon Cosy+ is already setting a new security standard in the industry.