DigiCert, Inc., one of the world’s renowned provider of TLS/SSL, IoT and PKI solutions, helps companies provision and manage digital certificates at any point during the product lifecycle with the new release of the IoT Device Manager. Manufacturers can now embed certificates on chipsets prior to and during manufacturing, or directly to an edge device, for complete end-to-end device security.
IoT Device Manager is built on DigiCert ONE, which enables rapid, automated PKI deployment as a customer-managed, on-premises or cloud solution, or managed by DigiCert for any environment. A challenge that manufacturers face when implementing PKI is figuring out how to provision certificates to devices during the manufacturing and assembly process. Changing manufacturing processes by implementing new technology can be a time consuming and expensive undertaking.
Digital certificate data
To address this challenge, DigiCert provisions authentication and signing certificates to chips prior to arriving at the manufacturing plant for assembly. Having certificates pre-provisioned allows manufacturers, without changing any processes, to achieve the benefits of device identity, strong mutual authentication, and secure boot and over-the-air updates through the use of digital signatures.
Metadata on the device's characteristics can be loaded into DigiCert IoT Device Manager
Additionally, as manufacturers look for more device-level data and management capabilities, metadata on the device's characteristics - including serial numbers, batch numbers and digital certificate data - can be loaded into DigiCert IoT Device Manager to support full device management capabilities throughout a device's lifetime.
Threat response platform
“Signing is a critical component of strong IoT security, and manufacturers are continually signing a variety of programming elements to ensure the integrity of interactions with their devices, and the data coming from it,” said DigiCert SVP of Product Brian Trzupek.
“Together with assuring the identity of the device at the time of manufacture and enabling certificate requests directly from any deployed device, IoT Device Manager is part of a holistic security and threat response platform for IoT device security.”
IoT security requirements
Manufacturers are simplifying the complexity of IoT deployments by pushing more activity to the edge device. To support this transition, a device-centric API in the IoT Device Manager enables unique devices to request, update and manage the lifecycle of certificates. Complicated and expensive service layers that take time and effort to develop are no longer necessary for certificate provisioning and management.
This feature allows manufacturers to simplify deployments, accelerate time to market and reduce the overall risk of their PKI. IoT Device Manager uses a container-based, cloud-native implementation to:
- Allow organizations to provision and embed device identity at any stage of the device lifecycle, from the factory to device deployment in a variety of environments to provide trusted and secure operations.
- Simplify device identity, authentication, encryption and integrity with a single click and marry device data visualization with cryptographic, manufacturing and factory process data.
- Support standards-based interoperability with third-party manufacturing and provisioning systems and enable technology partners to address a variety of use cases for today’s IoT security requirements.
Private key management
Secure Software Manager can be utilised together with IoT Device Manager to:
- Deploy modern PKI automation for frictionless secure code signing and private key management.
- Sign all files at any stage of the development cycle, not only for specific code but also clusters and containers.
DigiCert ONE is a PKI management platform developed with cloud-native architecture and technology to be the PKI infrastructure service to solve today's security challenges. Released in 2020, DigiCert ONE offers multiple management solutions and is designed for all PKI use cases.
Its flexibility allows it to be deployed on-premises, in-country or in the cloud to meet stringent requirements, custom integrations and airgap needs. It also deploys extremely high volumes of certificates quickly using a robust and highly scalable infrastructure. DigiCert ONE delivers end-to-end centralized user and device certificate management, a modern approach to PKI to provide trust across dynamic IT architectures.