Joint solution provides a cost-effective option for provisioning unique, certified device identities rooted in hardware that can be adapted to any existing manufacturing workflow
October 26, 2016 -- GMO GlobalSign (www.globalsign.com), a leading provider of identity and security solutions for the Internet of Everything (IoE), and Intrinsic-ID, the leader in embedded authentication based on Physical Unclonable Functions (PUFs) announced today that they are partnering to provide original equipment manufacturers (OEMs) scalable, flexible and affordable security for the Internet of Things (IoT). The GlobalSign and Intrinsic-ID solution provides a cost-effective option for provisioning unique, certified device identities rooted in hardware that can be adapted to any existing manufacturing workflow. The joint technology provides distinctive identities for microchips embedded in IoT devices, which are then certified so that they will be trusted in a customer’s IoT ecosystem.
IoT environments, whether automotive, industrial control systems, critical infrastructure, medical equipment or smart manufacturing floors, require strong security systems to prevent unauthorized control of devices, protect against advanced threats and detect counterfeit attempts. Traditionally, augmenting security into IoT environments has been difficult and cumbersome. Now a software-based SRAM PUF can be retrofitted into any existing microcontroller, enhancing present security or providing security where there once was none at all, even for constrained devices.
“Smart devices have a unique fingerprint hidden in their SRAM cells,” says Pim Tuyls, CEO of Intrinsic-ID. “We leverage these unclonable identities to derive and protect cryptographic keys. By integrating PUF security with GlobalSign’s proven PKI solutions we offer a scalable and universally compatible solution that builds an unbroken chain of trust from chip to cloud.”
Intrinsic-ID’s key management solution software-based identity algorithms leverage existing SRAM capabilities to create unique, unspoofable device fingerprints which prevent the cloning of systems. GlobalSign’s cloud-based, high-volume certificate service certifies these fingerprints and adds public key infrastructure (PKI) capabilities, resulting in strong device identities and protection against untrusted applications and advanced attacks. Cryptographic operations and keys are never stored, so they are not present on the device when it is powered off. They are only created when needed using device-dependent PUFs.
The Integrated Solution Simplifies Design and Lowers Costs
The one-chip security solution offers flexibility and overall decreased costs, since it doesn’t require on-site support, and there is no need for an external cryptographic chip. Integrating identity provisioning into existing workflows allows for maximum throughput and simplified logistics. IoT cloud enrollment tasks, including device registration, integration with legacy inventory systems and role/permission policy assignment are automated.
Cloud-based certificate provisioning lowers costs by eliminating the need for an appliance-based solution. Delegating device identity enrollment to contract manufacturers can further reduce costs. GlobalSign’s high-volume certificate issuance service is built to meet the speed and production demands of the IoT and is able to issue thousands of certificates per second. In addition, GlobalSign’s certificate revocation service allows manufacturers to mitigate supply chain risks such as overproduction.
“IoT security depends on the ability to trust the integrity and identity of connected devices. PKI certified identities from GlobalSign and SRAM-PUF security from Intrinsic-ID are complementary technologies that attest to and protect the identity of these devices. SRAM-PUF is an attractive technology because it can be incorporated into a wide range of devices providing security for new and existing designs at low cost,” said Zachary Short, Principal Software Architect. “PKI certificates are the standard when it comes to authentication. They provide a secure foundation for trusted communication in a multitude of IoT protocols. GlobalSign’s high-volume certificate enrollment services provide the credentials your devices need delivered at scale.”
Overview of Key Benefits:
- The solution can be retrofitted to existing microcontrollers; no additional hardware needed
- Uncloneable, short-lived cryptographic keys protect against spoofed devices and even the most advanced invasive hardware attacks
- PKI-based credentials support device authentication for most IoT protocols
- Lightweight cryptographic support capabilities for constrained devices with ECC algorithms and streamlined certificate request formats
- High-volume enrollment service capable of issuing thousands of device IDs per second
- Provisioning process is automated and can be added into existing manufacturing flows
Learn More at the Intrinsic-ID Security Summit in Mountain View – Oct 24, 2016
Nisarg Desai, Product Manager of IoT Solutions, GlobalSign will demonstrate strong device identity for trust and security in IoT at Intrinsic-ID’s Security Summit. Attendees of the event will gain insights on the security needs of the Silicon-to-Cloud ecosystem. For more information and registration details, please visit: https://www.intrinsic-id.com/intrinsic-id-security-summit/.
Visit GlobalSign at IoT Solutions World Congress in Barcelona – Oct. 25-27, 2016
GlobalSign will be at Booth D541 in the Industrial Internet Consortium (IIC) Pavillon. The GlobalSign and Intrinsic-ID solution will be demoed at the booth, in addition to GlobalSign’s full range of IoT solutions.
Intrinsic-ID is the world leading embedded authentication company based on the unique and patented technology called SRAM Physical Unclonable Function or SRAM PUF. Its solutions and products create a unique ID and cryptographically secure keys from the physical behaviour of the SRAM PUF. This key is invisible to attackers, unique per device and can be leveraged to authenticate the chip, the data on the chip, the device and even the whole system. On top of this, Intrinsic-ID offers solutions to protect the supply chain. These range from tracking and monitoring chips and devices (even in the case of remote contract manufacturers) to low cost, centralized key provisioning and protection against counterfeiting and overbuilding. Due to its simplicity, these products can be applied to all modern chips, microcontrollers and CPUs without making a change to the hardware. Currently this technology is being used by its customers in the field to protect the most sensitive payment, content, sensor and government data and systems. Learn more at www.intrinsic-id.com or follow us on Twitter via @IntrinsicID or contact us at firstname.lastname@example.org.
About GMO GlobalSign
GlobalSign is the leading provider of trusted identity and security solutions enabling businesses, large enterprises, cloud-based service providers and IoT innovators around the world to conduct secure online communications, manage millions of verified digital identities and automate authentication and encryption. Its high-scale PKI and identity and access management (IAM) solutions support the billions of services, devices, people and things comprising the Internet of Everything (IoE). The company has offices in the Americas, Europe and Asia.
About GMO Cloud KK
GMO Cloud K.K. (TSE: 3788) is a full-service IT infrastructure provider focused on cloud solutions. Established as a hosting company in 1996, the company has managed servers for more than 130,000 businesses and now has 6,500 sales partners throughout Japan. In February of 2011, the company launched GMO Cloud to enhance its focus on cloud-based solutions. Since 2007, the company has also grown its GlobalSign SSL security brand through offices in Belgium, U.K., U.S., China and Singapore. For more information please visit http://ir.gmocloud.com/english/.
About GMO Internet Group
GMO Internet Group is an Internet services industry leader, developing and operating Japan’s most widely used domain, hosting & cloud, ecommerce, security, and payment solutions. The Group also comprises the world’s largest online FX trading platform, as well as online advertising, Internet media, and mobile entertainment products. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. For more information please visit http://www.gmo.jp/en/.