Thales Announces Plan to Deliver Trust for IoT Devices and Data

Thales, a provider of critical information systems, cybersecurity and data security, has announced a series of solutions that are designed to deliver security and trust for the Internet of Things (IoT). Designed to authenticate IoT devices and protect IoT data from the point of collection to aggregated data repositories, Thales’s digital birth certificate, code signing and transparent encryption solutions will allow organizations to manage device security and protect data efficiently.

The Rise of Digital Birth Certificates

Internet-connected devices, like implantable defibrillators, industrial control valves and fitness trackers, are increasingly entering the market. Connectivity comes with potential security challenges of an unpredictable kind, which Thales has set out to address by providing cryptographic credentials that establish a unique identity for each device. These so-called “digital birth certificates” are based on keys generated within the certified secure confines of the company’s tamper-resistant nShield HSMs.

Code-Signing: The Antidote to Software Tampering

High-profile malware and APT attacks, such as the Mirai botnet, have drawn attention to the need for a secure process to update firmware on devices in the field. By signing code with an HSM-protected key, the authenticity and integrity of firmware updates that deliver new functionality or security patches can be ensured, significantly reducing the risks associated with the introduction of malicious code and similar attacks, according to the announcement.

“Enterprises such as Samsung, Polycom and Microsemi currently leverage our security solutions for the IoT,” said John Grimm, senior director, IoT security strategy, Thales e-Security. “We expect this demand will continue to grow, especially as we advance our IoT solutions and services to address security and integrity for a wide range of IoT device types and platforms. Thales solutions will enable organizations to best leverage the capabilities of specific devices to establish and subsequently maintain the level of trust they need – as part of their infrastructure or by partnering with Thales to provide to them in a service model.  As we evolve to provide these capabilities as a cloud service, enterprises will have the flexibility to scale their IoT projects securely and adapt to changing requirements.”