4.2 Connect: Run-time provisioning of IoT devices with AWS Webinar
For both commercial and security reasons, IoT device vendors cannot allow arbitrary endpoint devices to connect to their IoT services. This requires the IoT service to authenticate any endpoint attempting to join their network through use of security credentials, such as certificates. This in turn requires the IoT endpoint to have an appropriate certificate installed on it, which can be done during manufacturing through many different approaches. Here are a few to spike out:
- Option 1: The IoT device vendor can purchase dedicated Trusted Platform Modules (TPMs) that already contain certificates, although this adds cost to the BoM.
- Option 2: The IoT device vendor can also use a secure manufacturing location with dedicated equipment such as a Hardware Security Module (HSM) to manage the keys and certificate generation. However, such an approach may be incompatible with using a low-cost contract manufacturer.
- Option 3: The IoT device vendor can provision the certificates at run-time, enabling the manufacturing process to be non-secure and lower cost.
- During our time today, we will examine a run-time provisioning implementation based on SimpleLink Wi-Fi microcontrollers and AWS cloud services. This utilizes the unique identity and public/private key pair available on a SimpleLink Wi-Fi device to generate a Certificate Signing Request (CSR) to a provisioning service hosted on AWS. The CSR request can be made at any time, such as during system test at the IoT device vendor’s facility or during installation by the end-user.
By watching our webinar, you will learn:
- How to eliminate the cost of injecting client certificates during manufacturing by creating a run-time provisioning service
- An understanding of the different cloud-side and embedded components required to create a run-time provisioning service
- The specific AWS services and TI embedded SDK libraries used to implement a run-time provisioning service