Local Data Protection
Overview
Managing symmetric crypto functions via AT commands allows the device to locally encrypt, decrypt and authenticate critical data (e.g. certificates, tokens) on the device itself. The u-blox solution enables you to store critical data that has been encrypted using the RoT in a non‑secure component of the device, for example in the standard device memory.
Local Data Protection allows you to:
encrypt and store sensitive information, even in a non-secure location
defend against bus sniffing and data injection by securing the communication between modem and microcontroller
save space and reduce BoM cost, simplifying the design of your device
Related Information
Security Services API documentation
The method provides symmetric crypto services via AT commands to allow the device to locally encrypt and sign, or decrypt and verify, data.
Sensitive data used by the device (e.g. device certificates, CA or server certificates for (D)TLS pinning, tokens, (D)TLS session resumption tickets, libraries that are the result of expensive R&D efforts) is securely stored.
Feature activation
If the module has already completed the bootstrap, the feature shall be enabled before use by accessing the u-blox Thingstream platform.
You are also allowed to use Local Data Protection in your production line, without enabling it through the platform, to store secrets or data for up to 100 writes. In this case, when the module performs the bootstrap, the feature is automatically disabled unless you have enabled it in u-blox Thingstream during Device Profile configuration.
Use case
The following AT command example encrypts the data string “datatoencrypt” and stores it in the module file system in a file named “ciphertextfile”. It then decrypts the file “ciphertextfile” stored in the module to read and display the text that was previously encrypted.
For further details, see the relevant u-blox AT commands manual for the module that you are using:
Availability
The Local Data Protection feature is available from the following FW versions and subsequent releases:
SARA-R410M-x3B-01 (x3B = 63B, 73B, 83B)
SARA-R422S-00B-00
SARA-R422M8S-00B-00
SARA-R500S-00B-00
SARA-R510S-00B-00
SARA-R510M8S-00B-00
ALEX-R510M8S-01B-00
LARA-R6 series