Provisioning in IoT
Enable identity, encryption, and authentication. Provision unique identities from your IoT PKI to encrypt communications and authenticate devices with IoT platforms, applications, and other devices.
Applications
Creating & Managing secure IoT device identities
The process of providing a device with an identity is referred to as provisioning. Once generated, the device identities need to get from the manufacturing source to the devices and services. There are generally two approaches to provisioning device identities: factory provisioning and cloud-based field provisioning.
With factory provisioning, the greenfield device identities are bound to the device in a factory during the manufacturing process. The primary reasons for factory provisioning are to take advantage of secure hardware, to remove supply chain bottlenecks, and to meet a request for on-premises deployment.
- Highly scalable device identity provisioning
- Cost effective PKI
- Secure and trustworthy
- SEAL SQ professional services
Digital Identity during greenfield device Manufacturing
SEAL SQ enhances the security of any connected system by offering the provisioning of identities as a service. Once generated by SEAL SQ or its customers, Trusted Identities can then be individually injected into the chips or into the electronic boards at customer or subcontractor premises. The secure web portal gives customers a way to completely configure and track their provisioning.
Secure data generation fully supports the signing of PKI certificates by a Factory Certificate Authority (CA), which allows a PKI-specific trust hierarchy. To make this flexible, SEAL SQ has defined various trust configurations involving various CA levels. As a trust partner, SEAL SQ can operate this CA. As a service, SEAL SQ can also help its customers to operate their own private CA and define their own PKI architecture.
Key Benefits
- Secure key provisioning
- Key lifecycle management
- Secure key storage
- Up-to-date algorithms
With cloud-based field provisioning, the device is given some minimal identity at manufacturing time, but it is not given a complete identity until it is first installed by the end user in the field. This is required if the identity of the device cannot be completely known until it is deployed.
- Integrated PKI platform
- APIs and Integrations
- Lightweight C-Agent
- One-click revocation
- Provides lifecycle operations, e.g. renewal
Cloud-based field provisioning
SEAL SQ PKI is highly scalable. Our device identities are already in 1.5bn devices worldwide, and the flexibility of the SEAL SQ PKI, INeS™, meets the needs of the evolving IoT market.
Key Benefits
- Flexible CA hierarchy
- Scales securely as needs grow
- Speed to market and flexibility
- Cost effective
Certificate-based identities also offer the necessary foundation for secure zero-touch provisioning with different IoT platforms and cloud services.
This is achieved by enrolling additional local certificates (LDevID), also called birth certificates, which attest device ownership by a customer, and by using these identities for automatic device provisioning and authentication to the cloud.
- Certificate enrollment by the device through standard protocols
- Advanced Web GUI (Graphical User Interface) with multi-tenant capabilities
- Versatile REST APIs that allow easy integration with the business applications of the customer for device registration, certificate issuing, renewal and revocation.
Zero-Touch provisioning
Device identity management is a key consideration in securing IoT devices: the process must be protected both when authenticating devices and when authorizing access based on permissions. One of the best ways to provision secure device identities is through a PKI.
Key Benefits
- Automation in identity provisioning
- Scalability and configurability
- Faster installation and deployment
- Fewer provisioning errors
Certifications
SEALSQ PKI is WebTrust certified.
The WebTrust certification covers all areas of the solution, from the people to the process, the infrastructure and the solution itself.
By using a complete WebTrust compliant Certificate Authority, you can be assured that your PKI is being managed correctly.
Digital identity provisioning and zero-touch onboarding for IoT
Zero Touch provisioning is an automatic and secure way to onboard devices in any IoT cloud platform that uses X.509 authentication technology.