GlobalSign Blog

10 Apr 2018

Getting an Edge on Enrolling IoT Devices

The term 'edge' as referred to in IoT reference architectures is generally defined as a logical layer consisting of the IoT devices, sensors, actuators, nodes, gateways and components of the functional domains deployed within. A simpler explanation is that the edge is the place where IoT data is generated and/or collected for transmission to a remote location, like the cloud. The edge may also contain 'gateway' devices that act as a proxy between local IoT devices, machines, nodes and applications running in the cloud. The layer between the edge and the cloud is sometimes referred to as 'Fog'.

Now, the lifecycle of an IoT device usually consists of imbuing it with an identity, collecting and storing this information when the device first comes online, and managing it once it’s operational in the field. GlobalSign is closely involved in providing a unique identity for each IoT device, based on a root-of-trust, so that it can be correctly and strongly identified. This process is known as enrollment.

Real-World Example

The need for enrollment is becoming greater all the time in industries across the board due to the growth of the IoT and the billions of devices people and companies are using. However, to date there hasn’t been a very good solution on the market because there isn’t one standard way to go about this due to the variety of devices. Thus, it has become one of the many problems requiring a solution for IoT.

One example of a market looking to enroll IoT devices is the agriculture industry, where there is a need to track everything from cows and crops to soil and large machinery such as tractors. Taking a closer look specifically at industrial equipment, there is now a need for an automated solution that verifies its authenticity, tracks and maintains its digital record, and more.

But creating a solution is not easy because of all the aforementioned devices and also because all of these systems run in silos. This is yet another major problem that needs to be addressed.

The Solution to Your IoT Device Enrollment Challenges

To meet this growing need, GlobalSign will soon introduce a Public Key Infrastructure (PKI)-based solution designed to simplify enrollment. PKI is ideal for IoT ecosystems since it can be executed in a relatively lightweight fashion on different classes of devices.

Our new solution will solve the challenge of finding the best way for certificates to be issued to devices and make it much easier to perform certificate installation, especially for manufacturers. Key to this will be an enrollment gateway that will then allow access to be on-boarded onto management platforms.

This solution will enroll all specified IoT devices that sit within a network, giving each one a unique identity. In essence, we are now capable of enabling the verification, issuance and re-issuance of identities to IoT devices.

The enrollment process will be implemented via our highly scalable PKI solution, which enables us to issue certificates at unprecedented speed and volume, allowing IoT innovators to differentiate themselves using security as a competitive advantage. With this capability we are able to generate as many as 3,000 certificates per second.

Not only that, GlobalSign’s highly scalable PKI service allows IoT developers to easily build security and identity into their products from the start, protecting the integrity of data by securing and authenticating IoT endpoints. With this capability, they can accelerate the time to market and reduce manufacturing costs of their products, while also addressing critical security needs.

While this new solution will eventually be deployed in the cloud, currently it is going to be hosted by end users. By placing this layer in the middle of the cloud-to-fog-to-leaf continuum, at the edge, the solution will be able to directly interface with IoT control nodes. This solution will also offer unique device Registration Authority (RA) features, which will allow device makers to control which devices are allowed to receive certain credentials, based on user-defined policies. All this functionality will be easily consumable through a modern RESTful API, thus enabling developers to include this as part of their devices’ software build processes.

You’ll hear more about GlobalSign’s IoT enrollment solution soon. In the meantime, to learn more about our IoT solutions, please visit our website.
