Managing keys and certificates
Keys and certificates provide identities to IoT devices, gateways, and other components and enable secure data in transit across IoT systems. Although most organizations have existing agreements with PKI providers for Secure Sockets Layer (SSL) certificates, the provisioning of certificates to IoT devices frequently do not fit the typical SSL model. PKI service providers such as GlobalSign and Digicert have begun tailoring their certificate offerings towards the IoT. Another option however is the stand-up of an in-house PKI.
Device certificates chain up to root certificates, also known as trust anchors. These trust anchors are provisioned to devices and enable trust within an organization. There must be processes in place to manage these trust anchors. For example, deleting trust anchors that may have been compromised or adding new trust anchors to extend trust.
Certificates must also be actively managed. Certificate lifetimes should be limited (for example,...