What is Identity Protection in IoT (Internet of Things)

There are many security frameworks for the IoT, but there is no single industry-accepted standard to date. However, adopting a security framework for the IoT can help provide tools and checklists to help businesses build and deploy IoT devices. 

Such frameworks have been published by the GSM Association, the Industrial Internet Consortium, and some other bodies.

The Federal Bureau of Investigation announced FBI Alert Number I-091015-PSA in 2015. It warned about potential vulnerabilities in IoT devices and offered recommendations for protection. 

In August 2017, Congress announced the IoT Cybersecurity Improvement Act, requiring any IoT device sold to the U.S. government not to use default passwords, have vulnerabilities known, and provide a mechanism for correcting the devices. 

While it targets manufacturers who create devices sold to the government, it sets a baseline for all manufacturers' safety measures.

Also, in August 2017, the Internet of Things Growth and Innovation Development (DIGIT) law was passed by the Senate. The bill required the trade ministry to convene a task force and report on IoT, including security and privacy.

In June 2018, Congress announced the State of Modern Application, Research, and Trends of IoT Act, or SMART IoT Act, to propose to the Department of Commerce to conduct a study on the IoT industry. IoT and provide recommendations for the fast growth of IoT devices.

In September 2018, the California state legislature approved SB-327 Information privacy: connected devices, which introduced security mandates for IoT devices sold in the country.

Despite OEMs' cost concerns, building secure IoT devices is essential. This is the only way to reduce the number of attacks. However, we also know that just adding it is not enough. Security - and identity - issues need to be built into a device's lifecycle as early as possible: at the microchip level.

Integrating device identities into their microchips is security by design - security by design - par excellence. This secures a connected object literally from the chip to the Cloud. 

Aware of the potential of this solution, providers of device identity management solutions and semiconductor manufacturers worked together to make it a reality.

Without critical public infrastructure (PKI), there is no chips security on connected objects. All IoT devices equipped with these integrated circuits require a strong identity for secure authentication. They must generate their own identity and store it securely. 

A growing number of these devices incorporate a trusted certificate, significantly reducing the risk of unauthorized access.

The market abounds in solutions aimed at boosting safety. For example, a Taiwan-based global IC manufacturer relies on a PKI identity provisioning solution specifically designed for IoT device identity lifecycle management. 

The solution provisions a digital certificate for each integrated circuit. The manufacturer has developed the necessary equipment (an engraver) to integrate the digital certificate directly into its chips. The result: the team can assign an identity to a product from the very early stages of its existence.