When we talk about certificates, private data and signatures, we immediately think of cryptographic systems based on asymmetric keys.
The birth certificate of a connected object is based on a public-private cryptographic key pair that is unique to the IoT device. The private key does not leave the device. It is used whenever the device needs to prove its identity or sign data.
When a device connects to the cloud, the cloud checks that:
- The object's certificate is valid (that the certificate signature is valid).
- The object is in possession of the private key, since that key encapsulates the essence of the identity of the IoT device.
When both of these verifications succeed, the connected object is authorized to exchange data with the cloud. As always, protecting the private key is at the heart of security. It must be protected at all costs, to prevent the device from being impersonated.
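The two checks above, sketched in Go as an added example (this is not Ewon's code or protocol). The demo CA, the Ed25519 keys, the device name and the random-nonce challenge used for proof of possession are all assumptions, and an in-memory key stands in for the key held inside the device.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a constructed demo certificate for pub, signed by signer (a self-signed CA if parent is nil).
func issue(cn string, pub interface{}, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// cloudAccepts applies the two checks in order: certificate signature, then proof of possession.
func cloudAccepts(roots *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("check 1 failed, certificate not trusted: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("check 2 failed, signature does not match the certified key")
	}
	return nil
}

// demo runs three constructed connection attempts against one cloud trust store.
func demo() (genuine, wrongKey, untrustedCert error) {
	newKey := func() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
	caKey, devKey, otherKey := newKey(), newKey(), newKey() // devKey stands in for the key held in the device
	ca := issue("Demo CA", caKey.Public(), nil, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	devCert := issue("device-001", devKey.Public(), ca, caKey) // only the public key is certified
	nonce := make([]byte, 32)                                  // fresh challenge from the cloud for each connection
	rand.Read(nonce)
	return cloudAccepts(roots, devCert, nonce, ed25519.Sign(devKey, nonce)),
		cloudAccepts(roots, devCert, nonce, ed25519.Sign(otherKey, nonce)),
		cloudAccepts(roots, issue("device-001", otherKey.Public(), nil, otherKey), nonce, ed25519.Sign(otherKey, nonce))
}
func main() { fmt.Println(demo()) }
```

Only the genuine attempt returns no error: a valid certificate presented without the matching private key fails the second check, and a certificate the cloud's CA did not sign fails the first.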
In Ewon's case, this private key is stored in the Secure Element of the Cosy+, an ultra-secure and shielded hardware location. The use of this Secure Element is considered a very advanced security measure, which clearly distinguishes Ewon's solution from all others.