IoT Security Platform
Embed trust, integrity & control at the root of your IoT business
We provide a device-to-cloud solution for securing all the key assets of your IoT ecosystem, end to end and throughout their entire lifecycle.
We integrate seamlessly with your devices and backend, enabling and securing all the applications and use cases that drive your connected business.
Discover the Kudelski IoT Security Platform
Benefits of the Kudelski IoT Security Platform
Easy access to trust, integrity and control for your IoT business
Your long-term success depends on your ability to build on trusted foundations (your data, your devices, your connectivity), along with your ability to efficiently manage and scale your IoT ecosystem.
Data is at the core of your connected business. With our platform, you can trust the origin, authenticity and confidentiality of your data, from the moment it is generated to the moment it is processed by authorized applications and users.
Your devices form the foundation of your connected business, so we help you secure them from the start. Secure devices ensure their data has the integrity required for decision making and AI applications.
We give you secure, fine-grained control over your devices, their features and your data, so that you can launch new business models, meet important regulatory requirements and ultimately protect your business investment.
Our IoT Security Platform’s business benefits
Our IoT Security Platform not only secures the long-term viability of your business investment, it can ultimately give you a competitive advantage. The platform's capabilities simplify new revenue models, support compliance and user and device safety, all while protecting your intellectual property (IP).
Comply with data privacy laws such as GDPR and HIPAA using appropriate encryption and fine-grained access control.
Create new business models and offer new recurring or one-off paid features using our secure feature authorization function.
Prevent device tampering and unauthorized actions by enabling secure boot, remote attestation, secure FOTA and command authentication.
Control access to your device, protect your firmware from theft and reverse engineering and prevent counterfeiting.
Our IoT Security Platform’s technology benefits
Our IoT security platform gives you the secure foundations you require to protect all your key IoT assets. Get to market faster, maximize the lifetime of your devices, gain immediate control over their full lifecycle, all while keeping your technical independence and choosing your preferred hardware, cloud and communication technologies.
Security for the entire product lifecycle
Integrated active security measures secure your products from provisioning to decommissioning.
High efficiency for real-world use cases
Our proven security technologies reduce bandwidth overhead and power consumption, extending the lifetime of your device.
Ready-to-use solutions for your industry
By pre-integrating our technology with key ecosystem partners, we accelerate your time to market.
Chipset & platform independence
We secure the device, chipsets, modules and cloud platforms of your choice, all using a single management platform.
Platform Capabilities & Features
Easily secure and manage your IoT ecosystem with trusted functions
The Kudelski IoT Security Platform provides you with functions to identify, secure, manage and authorize your IoT devices, protect your data, control access, and actively secure them over time.
Device identity and security
Device identity features enable robust authentication and identification of the device, establishing trust in the origin and authenticity of its data.
Device Identity Provisioning
Device Identity Provisioning is the process by which trusted device identities are written into the Root of Trust. These identities enable remote management, by the device owner, of a device or a group of devices. Device identity provisioning is performed either at boot of the device or after production, through ingestion of production logs into the system.
Multiple identities can be tiered under the main RoT identity, allowing identification at different stages of the device production process. For example, a Wi-Fi module serial number is sealed into the RoT at boot of the module. At a later stage the Wi-Fi module is integrated into a connected coffee machine; the coffee machine serial number can then be sealed into the RoT and used as the primary identifier.
Device Authentication & Registration
Device Registration is the process by which a Device registers with the IoT Platform with its Device Identity and is then enrolled in the customer’s Device Manager based on pre-defined rules. The platform has been developed with real-world operational scenarios in mind: field returns, debugging and refurbishing scenarios are all supported.
Group-Based Device Management
The Platform provides APIs that address operations to groups of trusted identities sharing particular attributes, ensuring maximum efficiency in addressing and managing large numbers of devices.
Zero-Touch Provisioning / Cloud Onboarding
Authenticated and trusted devices do not need to be provisioned with third-party IoT cloud providers' PKI-based device certificates in order to connect to those clouds. This remote provisioning greatly simplifies personalization processes and reduces the overall device bill of materials.
Remote Attestation / Device State Change Tracking
Device runtime code can be attested as authentic. Measurements such as Platform Configuration Register (PCR) values of the runtime code are reported to the Server for analysis and for corrective action in case of discrepancies.
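The following is an added example of the attestation flow described above, written for this page; it is not Kudelski code and it does not use the Platform's API. It assumes (none of this is stated on the page) that the device's Root of Trust and the Security Server share a symmetric attestation key, that the device keeps one TPM-style PCR which it extends with the SHA-256 of each firmware stage it loads, and that a quote is the PCR value plus a server-supplied nonce authenticated with HMAC-SHA256. The firmware images are constructed placeholders.

```python
"""Simulated measured boot and remote attestation (added example, not Kudelski code).

Assumptions (not from the page): a shared symmetric attestation key in the RoT,
a single PCR extended per firmware stage, and an HMAC-SHA256 quote bound to a
fresh server nonce so old quotes cannot be replayed.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
PCR_INIT = bytes(32)  # a PCR starts as all-zero bytes on reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(component)). Order-sensitive."""
    return HASH(pcr + HASH(measurement).digest()).digest()


def measured_boot(stages: list[bytes]) -> bytes:
    """Extend the PCR with every firmware stage in load order."""
    pcr = PCR_INIT
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr


def make_quote(attest_key: bytes, device_id: str, nonce: bytes, pcr: bytes) -> dict:
    """Device side: report the PCR value, bound to the server's challenge nonce."""
    msg = device_id.encode() + nonce + pcr
    return {
        "device_id": device_id,
        "nonce": nonce,
        "pcr": pcr,
        "mac": hmac.new(attest_key, msg, HASH).digest(),
    }


def verify_quote(attest_key: bytes, expected_nonce: bytes, golden_pcr: bytes, quote: dict) -> str:
    """Server side: returns 'ok', 'bad_mac', 'stale_nonce' or 'pcr_mismatch'."""
    msg = quote["device_id"].encode() + quote["nonce"] + quote["pcr"]
    if not hmac.compare_digest(hmac.new(attest_key, msg, HASH).digest(), quote["mac"]):
        return "bad_mac"        # not produced by this device's RoT
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return "stale_nonce"    # replay of an earlier quote
    if not hmac.compare_digest(quote["pcr"], golden_pcr):
        return "pcr_mismatch"   # running code differs from the signed release
    return "ok"


# Constructed sample firmware images (placeholders, not real firmware).
BOOTLOADER = b"bootloader v1.0"
APP_FW_V2 = b"application firmware v2.3"
APP_FW_TAMPERED = b"application firmware v2.3 + backdoor"


def demo() -> tuple:
    """Attest a genuine device and a tampered one against the same golden PCR."""
    attest_key = secrets.token_bytes(32)                 # provisioned into the RoT at manufacturing
    golden_pcr = measured_boot([BOOTLOADER, APP_FW_V2])  # server computes this from the release
    device_id = "coffee-machine-0001"
    nonce = secrets.token_bytes(16)                      # server challenge for this round

    good = make_quote(attest_key, device_id, nonce, measured_boot([BOOTLOADER, APP_FW_V2]))
    bad = make_quote(attest_key, device_id, nonce, measured_boot([BOOTLOADER, APP_FW_TAMPERED]))
    return (verify_quote(attest_key, nonce, golden_pcr, good),
            verify_quote(attest_key, nonce, golden_pcr, bad))


if __name__ == "__main__":
    print(demo())  # ('ok', 'pcr_mismatch')
```

The server keeps the golden PCR per firmware release, so a secure FOTA campaign must also update the expected value; a quote that verifies but mismatches is the signal for the corrective actions mentioned above (quarantine the device, force a re-flash, revoke its keys).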
Device Sleep Management
The Security Client is designed to support interactions with the device that enable efficient use of battery resources. For example, the state of security operations and functions can be saved before entering deep sleep, enabling fast, network- and power-efficient resumption.
Data Security functions provide simple means to securely manage application data locally, in transit to cloud and in the cloud. Data authenticity, integrity and confidentiality are ensured. Additionally, data stored locally in the devices is secured and can be erased if required. This provides a single data encryption scheme across device, network and cloud.
End-to-End Data Encryption
Kudelski's IoT Security Client provides functions to encrypt data using ephemeral keys generated by the Root of Trust on the device or by the Server. Data can be decrypted by the Server or by a client application by requesting the key for decryption. Where confidentiality is not required, data can be authenticated only, enabling intermediate processing.
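An added example of the per-message ephemeral-key scheme just described, written for this page and not taken from the Kudelski Security Client or Server. It assumes (none of which the page states) that the device RoT and the Security Server share a 32-byte root key, that the RoT generates a fresh data key per message and sends it wrapped for the server alongside the message, and that an application obtains the data key from the server by key id, with the server releasing it only to authorized applications. A real client would use AES-GCM; with only the standard library available, the example substitutes an HMAC-SHA256 keystream in counter mode plus a separate HMAC tag (encrypt-then-MAC). The sample readings are constructed.

```python
"""End-to-end data protection with per-message ephemeral keys (added example,
not Kudelski code). See the lead-in for the assumptions; the keystream cipher
below is a standard-library stand-in for AES-GCM, not a recommendation."""
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific sub-key from a parent key (HMAC as a PRF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with keystream block i = HMAC(key, nonce || i); same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def mac(key: bytes, *parts: bytes) -> bytes:
    """Tag over length-prefixed fields so field boundaries cannot be shifted."""
    h = hmac.new(kdf(key, b"mac"), digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def device_protect(root_key: bytes, payload: bytes, confidential: bool) -> dict:
    """Device side. confidential=False produces an authenticated-only message."""
    data_key = secrets.token_bytes(32)   # ephemeral key generated by the RoT
    key_id = secrets.token_bytes(16)     # names this key when an app asks the server
    nonce = secrets.token_bytes(16)
    wrapped = keystream_xor(kdf(root_key, b"wrap"), key_id, data_key)
    mode = b"enc" if confidential else b"auth"
    body = keystream_xor(kdf(data_key, b"enc"), nonce, payload) if confidential else payload
    msg = {"key_id": key_id, "wrapped_key": wrapped, "nonce": nonce, "mode": mode, "body": body}
    msg["tag"] = mac(data_key, key_id, wrapped, nonce, mode, body)
    return msg


def server_release_key(root_key: bytes, msg: dict, app: str, authorized: set) -> bytes:
    """Server side: unwrap the data key, but only for an authorized application."""
    if app not in authorized:
        raise PermissionError(f"{app} is not authorized for key {msg['key_id'].hex()}")
    return keystream_xor(kdf(root_key, b"wrap"), msg["key_id"], msg["wrapped_key"])


def app_open(data_key: bytes, msg: dict) -> bytes:
    """Application side: verify the tag first, then decrypt only if the mode needs it."""
    expected = mac(data_key, msg["key_id"], msg["wrapped_key"], msg["nonce"], msg["mode"], msg["body"])
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("message failed authentication")
    if msg["mode"] == b"enc":
        return keystream_xor(kdf(data_key, b"enc"), msg["nonce"], msg["body"])
    return msg["body"]


def intermediary_peek(msg: dict):
    """A keyless edge node can read authenticated-only data for aggregation, nothing else."""
    return msg["body"] if msg["mode"] == b"auth" else None


if __name__ == "__main__":
    root = secrets.token_bytes(32)                       # shared between RoT and server
    m = device_protect(root, b"temp=21.5C", confidential=True)
    k = server_release_key(root, m, "analytics", {"analytics"})
    print(app_open(k, m), intermediary_peek(m))          # b'temp=21.5C' None
```

Because the tag is computed under the data key, tampering with the wrapped key makes the server unwrap a different key and the tag check fails at the application; an intermediary that only needs to read authenticated data never receives a key at all.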
Secure Data Storage / Local Data Encryption
Data can be encrypted and decrypted locally on the device by leveraging the IoT Security Client and the RoT. This data remains confidential within the device.
DTLS Client and Independent Endpoint
Both the Security Client and the Server provide a DTLS stack optimized for LPWA use cases. It leverages the Platform's pre-shared key scheme to enable simple opening of a secured tunnel between a Device and an Application endpoint. The DTLS Server is provided as an independently deployable container for instantiating in your cloud.
Key Management for DTLS
Generic APIs are provided for managing keys. These APIs can be used to implement your own encryption schemes, in particular those used for securing IP connections. The same shared keys can be requested either from the Kudelski IoT Security Client or from the Kudelski IoT Security Server, which has proven very efficient in constrained networks where data transfer is expensive. The key management API can be used to provision shared keys to standard secure communication stacks (OpenSSL, Mbed TLS, tinyDTLS).
The Kudelski IoT Security Client provides mechanisms to cryptographically link the different components of a device or subsystem together where authentication and confidentiality of communication between the different components is required.
Access Management functions allow fine-grained authorization of features on the Kudelski IoT Security Platform or IoT Application.
Role-Based Access Control
RBAC is enforced to segregate application vs management API access. Identities can be delegated to external identity providers through standard interfaces. Access to device resources can be segregated by device or by device type.
Application Feature Authorization
Application features can be enabled on devices using tokens generated by the IoT Security Platform. Tokens can be used to give authorizations for time-bounded periods.
Security Feature Authorization
Security features, such as Local Data Encryption, can be authorized through the Platform to enable, for example, subscription-based monetization schemes.
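An added example covering both the application feature authorization and the security feature authorization described above; it is written for this page and is not the Platform's token format or API. It assumes (not stated on the page) that the Security Server and the device's Root of Trust share a per-device token key, that a token is a base64url JSON body carrying the device id, the feature name and a validity window in Unix time followed by an HMAC-SHA256 tag, and that the device verifies the tag before parsing anything and enables the feature only inside the window. Device ids, feature names and times are constructed.

```python
"""Time-bounded feature authorization tokens (added example, not Kudelski code).

Assumptions (not from the page): a per-device token key shared with the server,
a base64url(JSON) "." base64url(HMAC-SHA256) token layout, and a device clock
the device can trust well enough to enforce the validity window."""
import base64
import binascii
import hashlib
import hmac
import json


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(token_key: bytes, device_id: str, feature: str, not_before: int, expires: int) -> str:
    """Server side: bind a grant to one device, one feature and one time window."""
    claims = {"dev": device_id, "feat": feature, "nbf": not_before, "exp": expires}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(token_key, body, hashlib.sha256).digest()
    return _b64e(body) + "." + _b64e(tag)


def check_token(token_key: bytes, device_id: str, feature: str, token: str, now: int) -> str:
    """Device side: returns 'ok' or the reason the feature stays disabled."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error):
        return "malformed"
    # Authenticate before parsing: unverified JSON never reaches the parser.
    if not hmac.compare_digest(hmac.new(token_key, body, hashlib.sha256).digest(), tag):
        return "bad_signature"
    claims = json.loads(body)
    if claims.get("dev") != device_id:
        return "wrong_device"     # token copied from another device
    if claims.get("feat") != feature:
        return "wrong_feature"
    if now < claims["nbf"]:
        return "not_yet_valid"
    if now >= claims["exp"]:
        return "expired"          # subscription lapsed, feature switches off
    return "ok"


def feature_enabled(token_key: bytes, device_id: str, feature: str, token: str, now: int) -> bool:
    """What the firmware actually branches on."""
    return check_token(token_key, device_id, feature, token, now) == "ok"


if __name__ == "__main__":
    key = b"\x01" * 32                                # per-device key held in the RoT
    tok = issue_token(key, "cm-0001", "local_data_encryption", 1_700_000_000, 1_702_592_000)
    print(check_token(key, "cm-0001", "local_data_encryption", tok, 1_701_000_000))  # ok
    print(check_token(key, "cm-0001", "local_data_encryption", tok, 1_702_592_000))  # expired
```

Two practical notes: binding the token to the device id means a token lifted from one unit does not unlock the feature on another, and enforcing the expiry requires a clock the device trusts, which on a sleeping LPWA device usually means a time value obtained from the server over the authenticated channel rather than a free-running RTC.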
The Kudelski IoT Security Platform integrates dynamic security functions from day one that enable security renewability.
Root of Trust Firmware Update
Kudelski RoTs are designed from the outset to be updated, with patching mechanisms that limit bandwidth use on constrained networks. The Platform provides APIs to schedule, test and track update campaigns.
Key management and key renewability
Key management functions enable the generation of shared keys between the RoT and the Server. Renewal of keys, for example to enforce or revoke certain functions on the devices, can be managed through simple Platform APIs.
The Platform’s key management and DTLS stacks enable secure deployment and updates of device firmware.
How the platform works
Our Secure Client with Root of Trust and Security Server secure your business end to end
The platform consists of two main elements, a Security Client and a Security Server, which integrate easily with your devices, back-end platforms and applications using simple APIs.
Robust device identity
One of the biggest challenges in IoT security is establishing an immutable identity (root of trust) in hardware (or software) that forms the basis for all other security use cases.
Root of Trust
The Root of Trust (RoT) is integrated in software or embedded as hardware into the device and is the foundation for all security use cases. The RoT is personalized when the component hosting it is manufactured. Today we offer different security clients that bring increasing levels of robustness to the solution, including Secure Elements, eSIMs and hardened software solutions.
Secure Client Library
The Secure Client Library (SCL) integrates with the device firmware and applications and acts as a driver to provide APIs to all security functions of the Root of Trust and of the Kudelski IoT Security Platform.
The Secure Client Library (SCL) is delivered as an SDK including test suites and documentation to test the SCL and SAL API integration.
Secure Data, Decisions, Commands and Actions
Achieving your IoT business objectives depends on your ability to process and act on data. We create trust between all physical, digital and human assets in your IoT ecosystem and fully attest to data origin and integrity.
The Security Server connects to your back-end platform to enable secure features by any authorized application.
The server provides trusted data to the customer’s backend. The data sent between the device and the cloud is identified, authenticated and traceable.
Device and Server APIs provide encryption and authentication and manage all IoT business logic. All Server functions are exposed through REST APIs.
An online documentation kit is available to support the end-to-end integration of the Server and Client APIs including reference code for all functionalities of the platform.
How we integrate IoT security into your ecosystem
Start with one or more security use cases, grow over time by adding new ones. Our scalable and future-proof system will enable you to adapt and grow to improve security and add new functionality.
Root of Trust
You can choose to embed one of our pre-integrated RoT elements or we can integrate it with the technology of your choice.
- Secure Element
- eSIMs (industrial & consumer grade)
- Hardened Software RoT
IoT Secure Client Library (SCL)
You then integrate the Security Client Library with your device’s firmware or software.
By working with our IoT Security Design & Evaluation labs during the design phase of your product, we can advise you on:
- the best architecture for your business objectives
- technical environment
- IoT use cases
IoT Security Server
Using simple, well-defined and documented APIs, you integrate your cloud or on-premises backend with our cloud-based IoT Security Server, enabling and securing any IoT use case you require.
We currently support customers using the following platforms:
- AWS IoT
- Microsoft Azure IoT Hub