Over the last few years, many companies have moved their businesses and processes online. While there are many benefits to this, we’ve also seen a rapid increase in how complicated and important it has become for people to securely manage their credentials for all the different websites and services they use daily. Everything from email to social media to financial records revolves around the use of credentials (usually a username and password) for access. Managing authorized access is a two-way street. The user needs secure credentials to make sure that unauthorized users aren’t using their services or accessing their data, and the server side needs to ensure that its website is protected from attack and that user credentials are secure.
The same challenges apply when the thing at the other end of the server is an IoT device, like a thermostat, a sensor or a video camera. Security is just as important for a device as it is for a person, and the cost of not doing things right can lead to headaches and extra unwanted expenses.
Current IoT Device Authentication is Complex, Costly and Time Consuming
In IoT, devices are typically given a unique identity in one of these ways:
In my past experience as an IoT product manager, I’ve seen companies that have had to either deploy complex infrastructure, or make cost-compromised ODM decisions based on trustworthiness or capability to manage this infrastructure, or even worse, assign the responsibility of managing certificates & credentials to a handful of trusted, expensive engineers who would prefer to be working on value creation activities, rather than infrastructure work like this.
Another challenge is that both of these approaches impose inflexibility with ODMs and contract manufacturers. In an age where manufacturing portability is increasingly important, having contractors who have access to sensitive info may be an issue, especially for manufacturers of sensitive IoT products.
What if you could have all the benefits of (3) above without the requirement of having and maintaining an HSM or secure infrastructure in the manufacturing line? Such a solution would provide manufacturing portability and the added security of a hardware-enabled certificate, combined with the cost savings of not having to maintain an HSM and secure infrastructure.
CIRRENT™ Cloud ID: A Different, Simpler, Cost-Effective and Secure Approach
Today we’re announcing Cloud ID, a chip-to-cloud service that automates the process of cloud certificate provisioning and simplifies IoT device-cloud authentication. The service makes these tasks easier and more secure, while lowering companies’ total cost of ownership. Cloud ID helps entities manage their IoT device credentials and enable secure product to product cloud communications with the ease of use of (1), the hardened security of (3), and a cost structure closer to that of (1).
This diagram represents how simple, quick and secure Cloud ID is in the manufacturing process.
This is especially important for verticals where security is a priority, such as the Finance, Government or Access Control sectors. We’re bringing to market a solution which has the simplicity of (1) with the additional security of (3), provided at a cost structure that’s equal to or less than (2 or 3), but perhaps slightly more than (1).
CIRRENT™ Cloud ID leverages Infineon’s deep history in semiconductors and security, combined with the cloud capabilities of the CIRRENT™ console. The benefit of this approach is that when the chips get installed into IoT products, such as video cameras and locks, customers can download the certificates into a manifest file or have the certificates automatically provisioned from the CIRRENT™ Cloud directly into the product cloud. There’s no need for an HSM on the factory floor or a secure, reliable Internet connection from wherever the factory is to the cloud. This approach saves a tremendous amount of operational and capital expense for both high-volume and low-volume manufacturers.
We will be announcing many more product details in the coming weeks, but for now, you can get started with Cloud ID using a virtual dev kit. For more detailed directions, click here.
If you have any feedback or questions, please let us know.
Learn more about Cloud ID here.