Security technology has evolved in recent years to support Internet of Things (IoT) devices. These devices may be served by having a device root of trust, preferably with integrated capabilities to support cryptography and related actions.
Generally, security, management and other challenges are preferably addressed when creating products and solutions whose components include IoT devices. Protecting, controlling and managing IoT devices can be challenging and fraught with danger, risk and potential liability. Manufactured products that incorporate IoT devices generally carry increased product risks and management challenges because of those component IoT devices.
Manufactured products (e.g., an automobile, medical device, etc.), along with their component IoT devices, typically should do many things. For one, products should ensure control over the data that is produced. This may include the protection of data as well as its transmission and communication.
Traditional computer security typically relies on firewalls that generally create a protective wall around a computer, an electronic device, groups of each, as well as others. Traditional reliance on perimeter defense is generally inadequate or insufficient when it comes to IoT devices, as IoT devices are frequently expected to perform in areas beyond typical network protection, and sometimes in an area of weak or non-existent network protection. In our modern digital world, as intelligent things (e.g., IoT devices) begin to proliferate, a shift from general “stand-alone intelligent things” to a more expected “collaborative intelligent things” model should require an enhanced approach to security. In the collaborative model, multiple devices may work together, either independently of people or with human input, and with this, security breaches and hacking opportunities are increased.
Accordingly, it is desirable for the manufactured products to include robust access control so that unauthorized parties are unable to gain access to the device or its data. It is also desirable for the manufacturers to have a capability to instruct each device to only listen to or communicate with authorized endpoints (for example, other IoT devices) to reduce risks associated with endpoint spoofing, man-in-the-middle and/or other security violations or attacks. It is also desirable for such devices to provide strong identity management, not only for most IoT devices within a product (which may incorporate multiple devices), but also from a product as a whole to external, authorized endpoints. Each device or product should preferably be configurable as well as easily updatable, but only with authorized and signed firmware.