Last update: October 7th, 2021
Device Whitelist configuration guide has been added
IoT Security-as-a-Service is a managed services solution that makes extremely simple to protect your data at rest and from silicon to cloud, ensuring that you can focus more on your business and enjoy faster time-to-market.
We implement a true end-to-end concept where data are protected from the device to the end user and are not visible by the intermediate nodes/platforms nor by the service provider.
Our approach ensures minimal code development and investment and provides the highest standards of security, leveraging the root of trust in u-blox LARA-R6, SARA-R4 and SARA-R5 module platforms to bring a unique and immutable identity for univocal identification and zero touch on-boarding in leading IoT cloud platforms.
The innovative symmetric Key Management System delivers an unprecedented level of security, giving the possibility to generate an infinite number of crypto keys on-the-fly, to be used for (D)TLS or for any other purpose.
All u-blox security solutions are designed for LPWA constrained devices, reducing the data usage and the number of handshakes, thus minimizing the power consumption that is a critical metric for most IoT devices.
You can find more information about IoT Security-as-a-Service here.
IoT Security-as-a-Service is available on LARA-R6, SARA-R4 and SARA-R5 series modules. Several evaluation kits are available:
EVK-R500S - Evaluation Kit for SARA-R500S
EVK-R510S - Evaluation Kit for SARA-R510S
EVK-R510M8S - Evaluation Kit for SARA-R510M8S
EVK-R6 - Evaluation Kit for LARA-R6
EVK-R422M8S - Evaluation Kit for SARA-R422M8S
EVK-R410-8-00 - Evaluation kit including LTE module for multi-regional use; Cat M1, NB1 bands: 3, 5, 8, 20, 28
EVK-R410-7-00 - Evaluation kit including LTE module for Korea; Cat M1 deployed bands 3,5,26
EVK-R410-6-00 - Evaluation kit including LTE module for Japan; Cat M1 deployed bands 1, 8, 19
A complete application board that let you to easily start testing u-blox services
Please contact us to review your needs and to request a kit.
u-blox service platform sign-up
u-blox Thingstream service delivery platform provides a management console that you can use to enable and manage the entire suite of u-blox services and the Security Thing, which is the logical representation of your module in the Thingstream platform.
Sign-up is free, quick and easy. Just go to the management console and register with your company information. If you already have a Thingstream domain for Communication-as-a-Service (MQTT Anywhere, MQTT Here or MQTT Now), you do not need to register again, security services are already available.
The management console lets you create the credentials (access key and secret pair) required to manage and use IoT security services through REST APIs.
The API documentation and swagger (YAML) specification download are available here.
Generate the access keys
In order to start using IoT Security-as-a-Service, you need to generate an access key and secret. You can do this by going to the Access Keys page under Security Services and clicking on the "Generate Keys" button.
In this section
Once you have generated your key and secret, make sure you save them somewhere safe as the secret cannot be recovered after you leave the page.
You can generate up to 5 access keys.
Create a device profile
To create the device profile unique identifier, and get the DeviceProfileUID required for device provisioning, access to the management console, and then select ‘Device Profile’ under the ‘Security Services’ panel on the left side.
A wizard will guide you through the steps to select the features and services linked to the profile. You can always change these at a later stage.
We recommend you to keep secure the DeviceProfileUID and do not share it
In the wizard you have to select a price plan to be used by devices that are provisioned using the profile. To get started, you can use the free Developer plan which allows you to manage up to 10 active devices. Find out more about the available price plans here .
Once you have created the device profile unique identifier, you need to seal the DeviceProfileUID in the device using AT commands. This is a simple procedure explained in the next Claim of ownership section.
Once completed the Claim of ownership and the bootstrap steps, the device will automatically appear in your account in the ‘Things’ section of the management console with the selected service and features enabled. You can use the same device profile for all the devices that need the same set of features and services and you can make changes for individual devices via the management console.
Claim of ownership
Change the ownership
Two stage bootstrap
Security heartbeat in SARA-R4
Security heartbeat in SARA-R5
Feature and service provisioning
Anti-cloning detection and rejection
Tools and sample code
To test the APIs and the AT commands to interact with the module, visit the Tools and Software page.
You can also refer to the u-blox GitHub repository which is constantly updated with sample code to simplify the service implementation and reduce your time-to-market.
If you need more help or have any questions, please send an email to firstname.lastname@example.org .