Device identity management solution for smart homes
IKV’s iBadge solution uses a cryptographic authentication chip to offer IoT service providers a hardware-based security management platform. The device authentication and counterfeit protection of this platform will secure business model and profitabilit
Use case
Application context and security requirement
IoT devices are characterized by easy connection and sustainable security. IoT assets and architecture require effective protection from threats such as counterfeiting.
Challenge
Having no security solution at all brings a risk of business loss. A software-based security solution is better than no security, but software is easily accessed, reproduced and reverse-engineered. IoT devices need a cost-effective security solution that gives connected devices a unique identity and trustworthy authenticity, and that is a good countermeasure against counterfeiting and device hacking.
Implementation
iBadge device identity management offers a hardware-based security solution for authentication and management. Devices equipped with the iBadge solution are easy to implement, with the following capabilities:
› No manual work is required during the production process
› A unique chip identifier and authentication key
› No need for complicated cryptographic algorithms in the firmware
› Device management via web-browser or smart-phone app
› Easy management of device ID and other data, through our back-end module
User benefits
› Cost effective hardware-based turnkey security solution for IoT devices
› Shorter time to market and faster deployment for device providers
› Business model and profitability are secured
Smart-home device manufacturers in China have adopted the iBadge solution and commented “…iBadge helped our engineers to quickly implement security mechanisms on our devices. And we didn’t need to consider the complex cloud protocols for the protection on device messages back and forth between our server and the devices….”
Solution
Most IoT devices are designed with no security mechanism, or with only a very weak one, which means attackers can easily take control of the devices and retrieve data for unauthorized activities. To avoid these kinds of threats, a security mechanism must be designed into the device and must run effectively. iBadge Device Identity Management provides a total solution for IoT device security. The iBadge security solution consists of three function blocks:
1) Cloud applications and data server with iBadge cloud modules in it, including device database, vendor credential modules, and IKV identity management service.
2) IoT devices with the iBadge device application protocol interface and an Infineon OPTIGA™ Trust security chip mounted on them.
3) PC or mobile applications with iBadge security protocols in them.
Infineon OPTIGA™ Trust, which supports elliptic curve cryptography (ECC), plays the key role in the iBadge solution. IoT device providers own unique sets of root keys associated with chips at the Infineon production line.
Through the IoT gateway and cloud network service, the application and data server generates a challenge and sends it to the OPTIGA™ Trust chip to trigger an ECC computation in it. After the ECC computation is complete, the server reads a response code from OPTIGA™ Trust and confirms its validity. Once validity is confirmed, the connections between the IoT devices, the IoT device user, and the application and data server are set up securely.
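The challenge-response exchange described above, sketched as an added example that is not IKV's or Infineon's code. It assumes ECDSA over P-256 with SHA-256 as a stand-in for the chip's ECC computation; the chip IDs, function names and in-memory maps are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: ECDSA P-256 stands in for the chip's ECC computation.
const CURVE = { namedCurve: "prime256v1" };

// Device database: chip ID -> enrolled public key, and chip ID -> the one
// challenge currently outstanding for that chip.
const enrolled = new Map();
const pending = new Map();

// Models production-line provisioning with a constructed key pair. The server
// keeps only the public half; the private half stands in for the chip's key.
function enroll(chipId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", CURVE);
  enrolled.set(chipId, publicKey);
  return privateKey;
}

// Server: issue a fresh random challenge, only for a known chip ID.
function challenge(chipId) {
  if (!enrolled.has(chipId)) return null;
  const nonce = nodeCrypto.randomBytes(32);
  pending.set(chipId, nonce);
  return nonce;
}

// Chip: sign chipId || nonce, binding the response to this device and challenge.
function respond(privateKey, chipId, nonce) {
  const msg = Buffer.concat([Buffer.from(chipId), nonce]);
  return nodeCrypto.sign("sha256", msg, privateKey);
}

// Server: check the response against the pending challenge, then discard the
// challenge so a captured response cannot be replayed.
function verify(chipId, response) {
  const nonce = pending.get(chipId);
  pending.delete(chipId);
  if (!nonce) return false;
  const msg = Buffer.concat([Buffer.from(chipId), nonce]);
  return nodeCrypto.verify("sha256", msg, enrolled.get(chipId), response);
}

// Constructed run: a genuine chip passes once; the replayed response fails.
const chipKey = enroll("chip-0001");
const answer = respond(chipKey, "chip-0001", challenge("chip-0001"));
console.log(verify("chip-0001", answer), verify("chip-0001", answer));
```

A device that presents a valid chip ID but holds a different private key fails the same check, which is the counterfeit case the page is concerned with.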
Main benefits of the Infineon product
› The unique identifier and root key are burned into the device automatically during the packaging and testing stage, which is convenient for mass production and reduces cost.
› Strong hardware-based security using an ECC asymmetric cryptographic algorithm to protect the unique ID and root key
› Turnkey support for both host and device side, including authentication libraries and application protocol interface for device management