IoT Security Platform

Embed trust, integrity & control at the root of your IoT business

We provide a device-to-cloud solution for securing all the key assets of your IoT ecosystem, end to end and during its entire lifecycle.

We integrate seamlessly with your devices and backend, enabling and securing all the applications and use cases that drive your connected business.

Benefits of the Kudelski IoT Security Platform

Easy access to trust, integrity and control for your IoT business

Your long-term success depends on your ability to build on trusted foundations (your data, your devices, your connectivity), along with your ability to efficiently manage and scale your IoT ecosystem.

Trust

Data is at the core of your connected business. With our platform, you can trust the origin, authenticity and confidentiality of your data, from when it is generated to when it’s processed by authorized applications and users.

Integrity

Your devices form the foundation of your connected business, so we help you secure them from the start. Secure devices ensure their data has the integrity required for decision making and AI applications.

Control

We give you secure, fine-grained control over your devices, their features and your data so that you can protect your investment, launch new business models, meet important regulatory requirements and ultimately protect your business investment.

Our IoT Security Platform’s business benefits

Our IoT Security Platform not only establishes the long-term viability of your business investment, it can ultimately give you a competitive business advantage. The platform’s capabilities will simplify new revenue models, ensure compliance and full user and device safety, all while protecting your intellectual property (IP).

 

Establish compliance

Comply with data privacy laws like GDPR and HIPAA using adapted encryption and fine-grained access control.

Enable monetization

Create new business models and offer new recurring or one-off paid features using our secure feature authorization function.

Ensure safety

Prevent device tampering and unauthorized actions by enabling secure boot, remote attestation, secure FOTA and command authentication.

Protect IP

Control access to your device, protect your firmware from theft and reverse engineering and prevent counterfeiting.

Our IoT Security Platform’s technology benefits

Our IoT security platform gives you the secure foundations you require to protect all your key IoT assets. Get to market faster, maximize the lifetime of your devices, gain immediate control over their full lifecycle, all while keeping your technical independence and choosing your preferred hardware, cloud and communication technologies.

Security for the entire product lifecycle

Integrated active security measures secure your products from provisioning to decommissioning.

High efficiency for real-world use cases

Our proven security technologies reduce bandwidth overhead while maximizing power, extending the lifetime of your device.

Ready-to-use solutions for your industry

By pre-integrating our technology with key ecosystem partners, we accelerate your time to market.

Chipset & platform independence

We secure the device, chipsets, modules and cloud platforms of your choice, all using a single management platform.

Platform Capabilities & Features

Easily secure and manage your IoT ecosystem with trusted functions

The Kudelski IoT Security Platform provides you with functions to identify, secure, manage and authorize your IoT devices, protect your data, control access, and actively secure them over time.

Device identity and security

Device and Identity features enable robust authentication and identification of the device, enabling trust in the authenticity of the origin of data.

Device Identity Provisioning

Device Identity Provisioning is the process by which trusted device identities are written into the Root of Trust. These identities enable remote management by the device owner of a device or group of devices. Device Identity Provisioning is performed either at the boot of the device or after production through ingestion of production logs into the system.

Tiered Identity

Multiple identities can be tiered to the main RoT identity allowing identification at different stages of the device product process. For example, a Wi-Fi module serial number is sealed into the RoT at boot of the module. At a later stage the Wi-Fi module is integrated into a connected coffee machine. The coffee machine serial number can now be sealed into the RoT and can be used as a primary identifier.

Device Authentication & Registration

Device Registration is the process by which a Device registers with the IoT Platform with its Device Identity and is then enrolled in the customer’s Device Manager based on pre-defined rules. The platform has been developed with real-world operational scenarios in mind: field returns, debugging and refurbishing scenarios are all supported.

Group-Based Device Management

The Platform provides APIs to address operations based on groups of trusted identities with particular attributes, ensuring maximum efficiency in addressing and managing large numbers of devices.

Zero-Touch Provisioning / Cloud Onboarding

Authenticated and trusted devices do not need to be provisioned with 3rd-party IoT cloud providers’ PKI-based device certificates in order to connect to 3rd-party clouds. This remote provisioning greatly simplifies the personalization processes and reduces the overall device bill of materials.

Remote Attestation / Device State Change Tracking

Device runtime code can be attested to be authentic. Any external measurements, such as runtime code Platform Configuration Register (PCR) values, are reported to the Server for analysis and corrective actions in case of discrepancies.

Device Sleep Management

The Security Client is designed to support interactions with the device to enable efficient usage of battery resources. For example, the state of security operations/functions can be saved before entering Deep Sleep to enable fast and network- and power-efficient resumption.

Data security

Data Security functions provide simple means to securely manage application data locally, in transit to cloud and in the cloud. Data authenticity, integrity and confidentiality are ensured. Additionally, data stored locally in the devices is secured and can be erased if required. This provides a single data encryption scheme across device, network and cloud.

End-to-End Data Encryption

Kudelski’s IoT Security Client provides functions to encrypt data using ephemeral keys generated by the root of trust on the device or the server. Data can be decrypted by the server or client application by requesting the key for decryption. Where confidentiality is not required, data can be authenticated only, enabling intermediate processing.

Secure Data Storage / Local Data Encryption

Data can be encrypted and decrypted locally on the device by leveraging the IoT Security Client and the RoT. This data remains confidential within the device.

DTLS Client and Independent Endpoint

Both the Security Client and the Server provide a DTLS stack that is optimized for LPWA use cases. It leverages the Platform’s pre-shared key scheme to enable a simple opening of a secured tunnel between a Device and an Application endpoint. The DTLS Server is provided as an independently deployable container for instantiating into your cloud.

Key Management for DTLS

Generic APIs are provided for managing keys. These APIs can be used to implement your own encryption schemes, in particular those used for securing IP connections. The same shared keys can be requested either from the Kudelski IoT Security Client or the Kudelski IoT Security Server. This has proven very efficient in constrained networks where data transfer is expensive. The key management API can be used to provision shared keys to standard secure communication stacks (OpenSSL, mbedTLS, tinyDTLS).

Chip-to-Chip Security

The Kudelski IoT Security Client provides mechanisms to cryptographically link the different components of a device or subsystem together where authentication and confidentiality of communication between the different components is required.

Access management

Access Management functions allow fine-grained authorization of features on the Kudelski IoT Security Platform or IoT Application.

Role-Based Access Control

RBAC is enforced to segregate application vs management API access. Identities can be delegated to external identity providers through standard interfaces. Access to device resources can be segregated by device or by device type.

Application Feature Authorization

Application features can be enabled on devices using tokens generated by the IoT Security Platform. Tokens can be used to give authorizations for time-bounded periods.

Security Feature Authorization

Security features, such as Local Data Encryption, can be authorized through the Platform to enable, for example, subscription-based monetization schemes.

Active security

The Kudelski IoT Security Platform integrates dynamic security functions from day one that enable security renewability.

Root of Trust Firmware Update

Kudelski RoTs are designed to be updated from the outset with patching mechanisms supported to limit bandwidth on constrained networks. The Platform provides APIs to schedule, test and track update campaigns.

Key management and key renewability

Key management functions enable the generation of shared keys between the RoT and the Server. Renewal of keys, for example to enforce or revoke certain functions on the devices, can be managed through simple Platform APIs.

Secure FOTA

The Platform’s key management and DTLS stacks enable secure deployment and updates of device firmware.


How the platform works

Our Secure Client with Root of Trust and Security Server secure your business end to end

The platform consists of two main elements, a security client and a security server, that integrate easily with your devices and back-end platforms and applications using simple APIs.

1. Device-Side

Robust device identity

One of the biggest challenges in IoT security is establishing an immutable identity (root of trust) in hardware (or software) that forms the basis for all other security use cases.

Root of Trust

The Root of Trust (RoT) is integrated in software or embedded as hardware into the device and is the foundation for all security use cases. This root of trust is personalized when the component hosting the security is manufactured. Today we offer different security clients that bring increasing levels of robustness to the solution, including Secure Elements, eSIMs and software-hardened solutions.

Secure Client Library

The Secure Client Library (SCL) integrates with the device firmware and applications and acts as a driver to provide APIs to all security functions of the Root of Trust and of the Kudelski IoT Security Platform.

The Secure Client Library (SCL) is delivered as an SDK including test suites and documentation to test the SCL and SAL API integration.

2. Backend-Side

Secure Data, Decisions, Commands and Actions

Achieving your IoT business objectives depends on your ability to process and act on data. We create trust between all physical, digital and human assets in your IoT ecosystem and fully attest to data origin and integrity.

Security Server

The Security Server connects to your back-end platform to enable secure features by any authorized application.

The server provides trusted data to the customer’s backend. The data sent between the device and the cloud is identified, authenticated and traceable.

REST API

Device and Server APIs enable encryption and authentication and manage all IoT business logic. All Server functions are provided through REST APIs.
An online documentation kit is available to support the end-to-end integration of the Server and Client APIs, including reference code for all functionalities of the platform.

IMPLEMENTATION

How we integrate IoT security into your ecosystem

Start with one or more security use cases, grow over time by adding new ones. Our scalable and future-proof system will enable you to adapt and grow to improve security and add new functionality.

1. Embed

Root of Trust

You can choose to embed one of our pre-integrated RoT elements or we can integrate it with the technology of your choice.

  • Secure Element
  • eSIMs (industrial & consumer grade)
  • Hardened Software RoT

2. INTEGRATE

IoT Secure Client Library (SCL)

You then integrate the Security Client Library with your device’s firmware or software.

By working with our IoT Security Design & Evaluation labs during the design phase of your product, we can advise you on:

  • the best architecture for your business objectives
  • technical environment
  • IoT use cases

3. CONNECT

IoT Security Server

Using simple, well-defined and documented APIs, you integrate your cloud or on-premises backend with our cloud-based IoT Security Server, enabling and securing any IoT use case you require.

We currently support customers using the following platforms:

  • AWS IoT
  • Microsoft Azure IoT Hub

  • Revenue protected: $100 B/yr
  • Offices worldwide: 32
  • Devices secured: 400 M +
  • R&D investment: $200 M/yr
  • Clients: 11'000
  • Revenues (2019): $827 M