A strong, unique and immutable device identity plays a key role in PKI-based IoT security. It serves as proof of an endpoint’s authenticity by securing authentication, encryption and data integrity, and by protecting the device throughout its lifecycle.
Store certificates in a secure, centralized depository
Certificate storage is a growing concern for organizations. IoT Edge Enroll, our enrollment service, addresses this need with our Certificate Inventory feature; a database of issued certificates stored in one central location for consistent, retrievable certificate information. It eliminates manual storage in multiple locations for easier management.
Customize certificate profiles and templates to tackle tough IoT authentication requirements
Default X.509 certificate profiles don’t fit all IoT use cases. They sometimes require individualized certificate configuration. We work with customers to define and customize certificates profiles and templates to accommodate the unique IoT devices and the environments they connect to. Our IoT Edge Enroll enrollment service features a Certificate Templating Engine capable of dynamically generating custom certificate fields from external sources while authenticating against enrollment policies for flexible, secure and consistent provisioning.
Protect Devices and Supply Chains from Emerging Threats
Advanced architectural models for certificate protection are emerging, designed to safeguard identities against supply chain and quantum computing threats. In addition to X.509 device certificates, we provision 802.1AR certificates that employ initial device identity (IDevID) and local device identity (LDevID) certificates as secure device identifiers. This is especially useful for crypto-agility, or the ability to respond to cryptographic algorithm and key threats, brought on by the advancement of quantum computing.
GlobalSign supports many X.509 certificate types including but not limited to:
- Client certificates
- Code signing certificates
- SSL/TLS certificates
- End entity certificates
- 802.1x certificates
- IDevID
- LDevID