Fridges communicating with smartphones, via app controllable heating systems or industrial production machines that are connected to a cloud - these are only a few of many possible IoT applications that can be realized today.
IoT security aspects
When millions of items are connected to each other and to the Internet, security risks are necessarily involved: unauthorized access to the device, data theft, identity fraud or loss of control.
Through the implementation of security elements, risks can be reduced. Therefore, the following principles should be considered while developing and designing of IoT devices:
- Unique device registration and identification
- Encrypted credential deployment
- Secure authorization
- Secure communication and data management
- Key management and diversification
- End-to-end encryption between device and operator cloud
Security with LEGIC
Our technology platform for secure IoT solutions includes as basic components multi-technology reader chips (Bluetooth Smart, RFID and NFC), mobile Software Development Kits as well as our Trusted Service LEGIC Connect.
Together with our Business Partner IBM® we offer for example a scalable eco-system for secure IoT applications and services. This eco-system consists of IoT devices, a Trusted Service Management and cloud services.
IoT-enabled devices based on LEGIC reader chips communicate via SDK - integrated in the iOS or Android app - with LEGIC Connect. The latter provides an end-to-end encrypted communication between the IoT device and the customer back-end system. Furthermore, LEGIC Connect ensures a secure device registration and identification as well as a secure deployment of rights.
IoT with the Master-Token System-Control
Encryption keys, respectively their management, are that certain something of any secure IoT application. With LEGIC's Master-Token System-Control the deploying and withdrawing of authorizations is much simpler than with a password-based system. Thanks to the MTSC, authorizations are not only deployed via LEGIC Connect, but also on a hardware token (for the 2-factor-authorization). Key management is one of LEGIC's core competencies and is based on the latest technologies allowing a flexible design for IoT solutions.
For further information, please refer to the IoT brochure and the graphic.