Developer Community

programming code

Welcome to our Developer Community

Welcome to Device Authority’s Developer Community

As an award-winning cloud-based delivery platform that continues to revolutionizes IoT security, KeyScaler-as-a-Service (KSaaS) empowers organizations to achieve visibility and centralized control over the security of their connected devices.

In a world where the use of connected devices is growing exponentially, reactive ‘detect and respond’ strategies are not sufficient and a new set of security standards is needed to advocate a more proactive approach. KSaaS holds the answer and we want to provide you with the ability to put this to good use by developing new ways to extend its use to every type of environment, constrained device and use case.

Aim 

The goal of the Device Authority Developer Community is to help developers (in commerce or academia) to better understand the current state-of-the-art in security for connected devices. To achieve this, we will enable developers to experiment with KSaaS, CM, and DDKG. We provide a range of resources across this website and our GitHub repository.

Introduction to key architectural elements

KSaaS offers KeyScaler’s functionality without the burden of costly infrastructure or dedicated resources, so its the ideal basis for our Developer Community.  KSaaS works in concert with Device Authority components on connected devices: 

  • Credential Manager (CM). As the name implies, CM’s role is to manage credentials that, in cooperation with KSaaS, are used to manage a device’s digital identity.  Credentials may be of a range of types, including certificates, tokens, and passwords.  Additionally, information about the device itself may be added to improve KSaaS’s ability to authenticate a device – this information is provided by DDKG.
  • Dynamic Device Key Generator (DDKG).  This is a library used by CM to extend the set of data available to KSaaS in making an authentication decision – for example, the MAC address of a device’s Network Interface Card.

What we offer to the Developer Community

  1. KSaaS.  We offer KSaaS to members of our Developer Community through a Community License upgrade to our KSaaS Trial License – this extends the license term from 30 days to 365 days.  For more information and to get started, please see KSaaS Account Creation.
  2. Device-side software:
    1. CM.  We offer open source access to the source code for CM under the terms of the widely-accepted GNU GPL Aferro license.  The source code is available on our GitHub repro here: https://github.com/DeviceAuthority/credential-manager-public
    2. DDKG.  We currently offer this as an executable for a number of device platforms.
  3. To build and test the device-side software we also offer:
    1. Quick-start guide – “Hello world”.
    2. Information about dependencies – third-party software.
    3. Information about build environment.
    4. Information about unit tests.
    5. Further information about e.g. secure storage.

Secure Key Generation, Storage and Distribution Surgical Products Connected Pharmaceutical Factory

Situation

Device Authority and Entrust partnered to provide solutions to a global manufacturer of automotive components that has multiple secure manufacturing lines that require a Key Distribution and Management System and PKI service to provision digital certificates to each OEM.
This manufacturer needed to be able to securely transport keys from the OEM delivery service to the remote factories. These keys are injected directly into the OEM’s vehicle electronic components, which are then distributed to end customers for inclusion in their finished automotive products. Those finished products needed to be able to close the loop with the initial key provider for auditing purposes.

Solution

Device Authority’s KeyScaler and Entrust PKI were implemented to provide:

  • A hybrid and high scale PKI service to provision digital certificates as a trusted identity, unique to each OEM
  • Certificate Lifecycle Management capabilities to reduce management overheads and risk
  • Device Identity management via the use of Device Authority’s Dynamic Device Key Generation (DDKG) technology
  • KeyScaler, a key distribution and management solution backed by the PKI, to securely transport keys from the OEMs of production equipment to remote factories worldwide
  • Policy-driven Encryption with granular read/write access permissions HSM Access Control for integration with third-party
  • HSM for secure and automated key generation and storage using HSM
  • Key generation and usage reporting for auditing

Summary

Faster time to value

Streamlined device security reducing admin burden

Accelerated incident response and reduced liability

Situation

A medical device manufacturer specializing in sterilization and surgical products requires automated Identity Lifecycle Management using x.509 certificates which must support devices connected directly to the cloud as well as offline Edge devices that connect via gateways.

Patient safety, procedure management, data security, industry compliance and cloud integration with Microsoft Azure IoT are all key requirements.

Solution

KeyScaler was implemented to provide:

  • Dynamic Device Key Generation (DDKG) to establish device root of trust used for initial device attestation, authentication and registration
  • Automated PKI services for IoT with X.509 certificates including provisioning, rotation and revocation
  • KeyScaler Edge to support Identity Lifecycle Management for offline devices
  • KeyScaler Security Suite for Microsoft Azure for Automated Device Provisioning to Azure IoT Hub
  • Continuous Assurance and Threat Validation based on the devices’ Software Bill of Materials (SBOM) to meet FDA requirements

Summary

Reduced liability, cost of operations and development

New revenue generation (DaaS)

SBOM Support

Situation

A major global pharmaceutical company upgraded its connected factories as part of a digital transformation strategy. Their new Microsoft Azure IoT Edge Gateway infrastructure requires a robust and automated Identity Lifecycle Management solution utilizing x.509 certificates to provide device and data protection which presents challenges when connecting both online and offline Edge devices in a nested parent-child configuration to the Cloud.

Solution

KeyScaler was implemented to provide:

  • Dynamic Device Key Generation (DDKG) to establish device root of trust and enable Automated Device Provisioning
  • PKI Services to integrate with existing corporate PKI utiizing x.509 certificates
  • KeyScaler Edge to enable full Identity Lifecycle Management for multi-layer IoT Edge Nested Gateways and leaf devices
  • KeyScaler Security Suite for Microsoft Azure to integrate with Azure IoT Hub

Summary

Faster time to value

Reduced admin burden

Accelerated Incident Response