Digital Identity and Cryptographic Technology to Enhance IoT Security

IoT security

This post is also available in: עברית (Hebrew)

Recent cybercrime and hacking exploits have shown clearly that much of the IoT – devices, services and applications – is coming online largely in the absence of adequate security measures due to the weakness of legacy password- and certificate-oriented authentication.

ForgeRock, a platform provider of digital identity management solutions, announced ForgeRock Edge Security, offering complete end-to-end security for internet of things (IoT) deployments. Through an innovative combination of cryptographic security and standards-based identity technologies, the new platform bridges the gap between device/chip and cloud/web security paradigms with new software that runs on smart edge devices, providing a trusted device identity proofing and registration process.

According to the company’s website, the platform applies identity principles to establish and maintain trust of IoT devices and their communications.

The new platform includes a ForgeRock Trusted Application (TA) that runs in the Trustonic Trusted Execution Environment (TEE), a secure area of the main processor. This allows ForgeRock to establish the all-important hardware root-of-trust on devices, and store cryptographic secrets in the most secure element of the device hardware – all without using any username/passwords or non-scalable PKI certificates.

To provide business value, IoT devices must seamlessly integrate with the connected world, including clouds, microservices, applications, and their protected APIs, and, of course, people.

ForgeRock Edge Security includes a secure IoT message broker to provide client authorization for trusted devices and services, and rich data security using cryptographic secrets to sign and encrypt data for privacy and integrity. As the newest component within the Identity Platform, ForgeRock Edge Security allows organizations to securely and centrally manage digital identities, authentication and authorization for everyone and everything.

In addition to Dell being an early tester of ForgeRock Edge Security, ForgeRock has also joined the Dell IoT Solutions Partner Program.