DigiCert brings digital certificate auto-provisioning to IoT devices

February 07, 2017 // By Jean-Pierre Joosting
DigiCert has unveiled DigiCert Auto-Provisioning, powered by Device Authority, at the DigiCert Security Summit. With Auto-Provisioning, connected device manufacturers and owners can provision digital certificates at scale, whether their devices use open standards such as SCEP or EST, or only support propriety device enrollment protocols.

"Device authentication and encryption are critical to securing connected devices and the information they share, but many software implementations lack standard protocols for provisioning devices," said DigiCert CTO Dan Timpson. "DigiCert Auto-Provisioning, powered by Device Authority, helps companies get certificates on a much wider range of IoT devices in a scalable, secure and automated way."

As the number of connected devices rises toward an estimated 50 billion by 2020, security continues to lag behind. A study published by HP Fortify estimated that three-quarters of connected devices failed to encrypt communications to the Internet and local network. Last year, researchers found that Nissan Leaf smartphone app APIs were not authenticating users on the server. Similarly in 2015, researchers highlighted a flaw in Samsung's smart fridge that attackers could use to carry out a man-in-the-middle attack and access a homeowner's credentials.

In healthcare, the FDA has recently issued "Postmarket Management of Cyber Security in Medical Devices," even as security vulnerabilities have been discovered in popular pacemakers, defibrillators and diabetes insulin pumps. The report calls for "deploying mitigations that address cyber risk early." Public key infrastructure (PKI) can be used for secure boot, patch management, machine-to-machine mutual authentication, user authentication, and data integrity to help prevent unauthorized intrusions and data manipulation.