General

Q: What is the Internet of Things (IoT)?

A: This term refers to networks of physical objects with embedded components that are connected to the internet, and to the communication that takes place between the “Things” in such a network.

Q: What are examples of objects in the Internet of Things network?

A: Examples of “Things” that can fall into the IoT include virtually any object for which remote communication, data collection, or control may be useful. These include connected security systems, electronic appliances, cars, speaker systems, and many more.

State of IoT Security

Q: Why is it so hard to secure IoT devices?

A: Several IoT devices lack the computing power of a desktop or laptop computer, or other higher-end devices, which often makes implementing strong security challenging.

Also, many of the products are designed with a focus on keeping the cost as low as possible; stronger security is not a priority, because it doesn’t lower the cost of producing a product.

Three aspects that make securing IoT devices difficult are:

  1. The huge spectrum and vast quantity of IoT devices
  2. The majority of IoT devices have very limited ability to protect themselves in terms of CPU and other features
  3. IoT devices are at higher risk of being hacked because they are all connected to the internet the entire time.

Q: How does the industry bring up the technical challenges impacting security for the IoT?

A: The answer starts with bringing the problems to attention and then making better education available about the solutions. The security industry can do this in various ways.

Q: Can an organization implement a trusted IoT security framework?

A: Yes. Among other things, the organization should first select a Certificate Authority partner that is trusted and can effectively scale to meet its IoT needs.

Solutions to IoT Security

Q: What makes Trinity’s solution stand out?

A: Trinity understands the present landscape of SSL security and as a leading Certificate Authority has a supreme focus on the future of the industry. Trinity’s solution is positioned to meet the demands of high-volume certificate issuance promptly.

Q: What protocols and open standards are used?

A: Trinity makes use of EST (Enrolment over Secure Transport), SCEP (Simple Certificate Enrolment Protocol), and RESTful API (representational state transfer application program interface).

Device

Q: How is the device programmed to be unique?

A: The device is programmed (seeded) during the device enrollment process or during the manufacturing period.

Q: Can Trinity provide a unique identifier if required?

A: Yes. Certain certificate profiles even include generation of a GUID in the Subject field by default.

Q: Does Trinity support a customer-specified unique identifier?

A: Yes; however, this is based merely on the format of the UID and the certificate profile.

Private Key

Q: How is the private key generated?

A: During the manufacturing period, the private key is placed directly on the device by its own cryptographic library, or by a controller as close to the device as possible.

Q: How is the private key stored and protected?

A: If not stored in a FIPS-compliant HSM, the private key is normally stored on the device and protected using operating system (OS) access controls.

Q: Does Trinity support both “on-device” and “off-device” private key generation?

A: Yes. All we require is the CSR/public key, irrespective of its origin.

Q: Approximately how many lines of code need to be written by the developer if the private key is generated “on device”?

A: Scripting OpenSSL to build certificate signing requests (CSRs) based on a few pieces of input could be done with fewer than 10 lines of code.
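
The on-device case described in this section, sketched as an added example (not Trinity's code): the key is generated locally with owner-only permissions, and only the CSR carrying the device's unique identifier leaves the device. The P-256 curve, the `O=Example Devices` name, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: on-device key generation and CSR creation with the OpenSSL CLI.
# Curve, O= value, file names and function names are illustrative assumptions.

# gen_device_csr <device-id> <out-dir>
# Creates <out-dir>/device.key (private, stays on the device) and
# <out-dir>/device.csr (public, sent to the CA) with the device ID as Subject CN.
gen_device_csr() {
    dev_id=$1
    out_dir=$2
    # Reject identifiers that could alter the -subj string (e.g. extra /RDN= parts).
    case $dev_id in
        ''|*[!A-Za-z0-9._-]*) echo "invalid device id" >&2; return 1 ;;
    esac
    old_umask=$(umask)
    umask 077   # files created below are owner-only, relying on OS access controls
    mkdir -p "$out_dir" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$out_dir/device.key" &&
    openssl req -new -sha256 -key "$out_dir/device.key" \
        -subj "/O=Example Devices/CN=$dev_id" -out "$out_dir/device.csr"
    rc=$?
    umask "$old_umask"
    return $rc
}

# csr_subject <csr-file>
# Prints the CSR Subject, but only after the CSR's self-signature verifies,
# which shows the requester holds the private key matching the public key.
csr_subject() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    openssl req -in "$1" -noout -subject
}

# Stand-alone use: ./gen_csr.sh <device-id> <out-dir>
[ $# -ne 2 ] || { gen_device_csr "$1" "$2" && csr_subject "$2/device.csr"; }
```

The CA side should repeat the self-signature check and validate the Subject against its own device inventory before issuing, since the CSR content is supplied by the requester.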

Certificate Authority

Q: Can a certificate be automatically provisioned and enrolled?

A: Yes, a certificate can be automatically provisioned and enrolled.

Q: Are there any options for the lengths of certificate expiration?

A: Certificate expiration lengths depend on the project’s requirements.

Licensing

Q: Does Trinity offer device or certificate-based licensing?

A: Trinity offers flexible pricing that is typically certificate-based. For more information, contact us.

Q: Do you charge for other components of your solution?

A: Trinity only charges for certificates.

Management

Q: How do you manage which IoT systems are trusted?

A: The device management console sets access rules and controls for devices, systems, certificates, and their connections.

Q: How do IoT providers update the list of trusted systems securely?

A: Customers use authenticated or signed messaging to and from devices based on the current confidentiality status of certificates in use on those systems.