Protecting your data in transit means that the privacy of your data is safeguarded all the way from the device to the cloud. The confidentially of your data needs to be ensured. Additionally, you need to be able to establish the integrity and authenticity of your data at all times. In IoT settings, which often involve thousands, if not millions, of devices, this requires highly efficient and scalable cryptographic methods.
The u‑blox End-to-end Security suite provides methods to encrypt and transfer every type of applicable data from the device to its own server/platform in the cloud with a few simple operations. This eliminates the need to implement a complex solution on the device microcontroller in order to establish secure communications.
u‑blox End-to-end Symmetric Key Management System is a disruptive approach for secure key management that replaces the current public key infrastructure (PKI) approach or typical PSK systems.
The significant advantage of u‑blox E2E Symmetric KMS is that session unique keys are available out-of-the-box both in the module and in your cloud via REST API, which allows the generation of an infinite number of keys per device. Keys are uniquely tied to the hardware and can be triggered on the module side and on the server/cloud side. This entirely removes the need for creation, delivery, renewal, and revocation of certificates. Development and operations are simplified by delegating the complexity of key management to a proven scalable system.
E2E Symmetric KMS is well suited for LPWA constrained devices, optimizing secure communications to achieve up to 8x reduction in the data overhead and up to 2x the packet flights. These optimizations translate to reductions in data usage, power consumption and cost.
When fast-go-to market becomes a priority, the End-to-end Data Protection solution provides an efficient and scalable ability to encrypt data on a device and to decrypt data asynchronously in the cloud independent of protocols, servers, platforms or time before reaching final destination. It ensure a real end-to-end privacy from the data producer (the device) to the end user (your application platform or your customer that uses the data) and a unmatched rapidity of implementation.
When using one of the leading IoT platform like AWS IoT Core or Microsoft Azure IoT Hub, device authentication through X.509 certificates becomes the only realistic option. The IoT certificate manager service offers an out-of-the-box experience for the registration and onboarding of devices to cloud IoT platforms such as AWS, Azure, or even to custom platforms, making it simple, secure and cost effective. The management of the device certificate lifecycle is essential to establish and maintain trust for IoT devices throughout the product lifecycle. In all IoT deployments, managing certificates is a difficult challenge that requires a sophisticated system and on-going effort. Failure to renew certificates before expiration can put your IoT asset at risk, completely blocking the source of your revenue.
IoT certificate manager is part of the Certificate lifecycle control suite that jointly with Zero Touch Provisioning ensures the secure, automatic and futureproof management of X.509 device certificates for the entire device lifetime.
The following table summarize the compatibility of the above described services with different u-blox module types.