Proper PKI device enrollment is key to provisioning unique, strong and secure device identities. IoT Edge Enroll is a full-featured registration authority service that ensures simple, secure and optimized device enrollment. It’s a key component of our PKI-based IoT Identity Platform that enables Device Identity Lifecycle Management. It’s the most comprehensive, flexible, commercial PKI device enrollment feature set available.
Extensible and Secure
IoT Edge Enroll is built on a modular, extensible framework making it flexible for evolving and emerging cross-platform IoT needs. IoT Edge Enroll:
- Is fully integrated with GlobalSign’s Certificate Authority (CA) so customers can select the root of trust they need.
- Uses standards-based device enrollment protocols with dedicated enrollment servers to speed integration and maintain secure interoperability: Enrollment over Secure Transport (EST, RFC 7030), EST Client, and CMP v2.
- Includes support for secure elements such as SRAM PUF, Secure MCUs, HSMs and TPMs including TPM 2.0 identity attestation integration.
- Uses custom X.509 certificate profiles and templates to tackle tough IoT requirements that, according to RFC 5280, “meet the requirements of specialized application domains or environments with additional authorization, assurance, or operational requirements” and can be applied to all types of X.509 certificates.
- Integrates with top IoT platforms and cloud applications including Azure IoT Hub, DPS, and Edge, AWS IoT Core and Arm Pelion.
Certificate Templating Engine for Exacting Enrollment - Leverage custom certificate fields and data to deliver maximum flexibility for unique IoT authentication requirements.
Device Identity Manager for Admin Control - Manage unique device identities throughout their lifecycles including certificate auditing and reporting, device whitelist management, device enablement/disablement and enrollment eligibility.
Enrollment Policy Engine for Enhanced Security - Configure trust chains by defining enforcement rules to easily set the level of authentication for enhanced security and compliance.
Plug-in Architecture for Customizing Enrollment - Build integrations to 3rd party data sources for enrollment attestation requirements or to build certificate templating enrollment and authentication rules.
Custom Workflows Address Unique IoT Use Cases - Enrollment workflows accommodate each individual IoT use case based on specific parameters, while still maintaining a predictable, repeatable and secure enrollment process.
IoT Edge Enroll simplifies PKI device enrollment setup and integration, optimizes IoT device enrollment operation, and hardens IoT security and authentication.
Who is IoT Edge Enroll for?
- IoT device manufacturers including components with certificate-authenticated identities (IDevIDs) in their connected products
- Critical infrastructure operators looking to reduce the costly operational expense and liability of on-premise device registration, enrollment and management
- Semiconductor manufacturers producing identity-embedded microcontrollers or Trusted Platform Module (TPM) chips to create competitive advantage for downstream supply chain security
- IoT developers wanting to secure device identity from production, through deployment, to end of life
Powerful, cloud-based device Registration Authority as a Service
Simplified implementation and management of device enrollment
Optimize enrollment operation according to best known standards
Hardened security via stringent device enrollment authentication and policy enforcement, communication encryption and secure identity storage
The most comprehensive commercial RA feature set available, built on a single framework
Expert guidance for RA setup with pre-configured workflows and certificate profile templates
Interoperable integrations via RESTful API or custom-developed plugins
Minimizes the impact of security integration, enabling device manufacturers and operators to focus on their core IoT innovations