OUR TECHNOLOGY’S PROPRIETARY IOT AUTHORIZATION AND ACCOUNTING FLEXIBLE TOOLS PLUS USEFUL EXAMPLES
To provide a clear foundation for this solution, we offer two foundational premises:
BASIC IOT AUTHENTICATION PROVIDED BY OTHERS:
IoT devices should support basic Authentication (e.g., root-of-trust; security best practices; etc.). Authentication technology is provided by others (refer to the Authentication IoT Elements of the Trust Stack for details). The examples on this page assume that devices are operating with complete Authentication (if this is not possible for some devices, we can discuss other options).
TRUSTCENTRAL’S FIVE FUNDAMENTAL, INNOVATIVE TOOLS:
Our solutions are built upon the following five proprietary tools. A familiarity with them is necessary to understand TrustCentral’s solutions. (For additional details on each, please refer to the Authorization IoT Elements of the Trust Stack).
The “AA” performs many unique functions, including: (a) acting as a Trusted Third-Party mediating service provider for devices/endpoints; (b) establishing each of the following four innovative tools with devices as needed; (c) providing certificates; etc.
Conducted by the AA with any pair of (possibly remote) devices/endpoints, the Inviter-Invite Protocol results in the establishment of an authenticated relationship between those paired devices, which then may become a Secure Communication Line.
Following completion of the Inviter-Invitee Protocol, the Attribute Authority issues an attribute certificate, thereby establishing an authenticated, persistent, Secure Communication Line relationship between that pair of devices/endpoints. That certificate includes rules and business logic for each device to follow when using the communication line relationship. A data transport method may be TLS, BLE, or other as best suited for the use case. With devices supporting authentication elements (as described in the Trust Stack) transmitted IoT data will typically be digitally signed and encrypted. [Note that as a result of the persistent authentication and authorization relationship asserted through the Secure Communication Line certificate, the overhead of typical per-secure-session authentication is not required (e.g., Diffie-Hellman key exchange).]
Devices are instructed to communicate only with devices/endpoints for which they have a Secure Communication Line certificate (or are a member of a Secure IoT Device Group as described below) and no others. Non-authenticated (and potentially malicious endpoints) will not share a Communication Line certificate with the device and therefore a protected device that is Certificate-Enforced-Whitelisting-compliant will simply ignore all non-certificated endpoint requests.
Secure IoT Device Groups:
Devices may be grouped into different groups and subgroups based on predetermined criteria. Group membership is established through certificates which may include associated rules for group membership. For example, device group management may be used to provide more than one layer of security by restricting communication and/or data sharing to only between designated groups and/or subgroups.
EXAMPLES USING TRUSTCENTRAL TECHNOLOGY’S FLEXIBILITY
While we provide many use case examples of the application of TrustCentral’s technology, this page highlights a few.
END-TO-END IOT COMMUNICATION USING TRUSTCENTRAL
WHAT ARE NOT USED: WHAT ARE USED:
CASUAL INTEGRATION OF TWO NETWORKS
DELIVERING MACHINE LEARNING AND AI DATA FROM A CLOUD SAFELY AND SECURELY INTO A PROTECTED OT ENVIRONMENT AS WELL AS TO LEGACY DEVICES
This difficult and challenging delivery becomes possible through the use of a Trust Control Box (“TCD” – please refer to the Trust Control Device diagram and description below). A chain of TCD’s create Secure Communication Lines between them. This allows data to not only be securely transmitted, but protects the device from hacking, spoofing and other malicious attacks. For more information on this use case, please see: OPERATIONAL TECHNOLOGY (OT AND IIOT and SECURING INSECURE LEGACY DEVICES)
CREATING TRUSTED RELATIONSHIPS, VEHICLES AND INFRASTRUCTURE FOR V2X AND V2I
The TrustCentral technology can be used to establish trust relationships between and amongst vehicles and infrastructure. This security ecosystem can cross-certify the Authentication, Authorization and Trust of one network to a different network. For more information on this use case, please see the use case V2V, V2X, AUTONOMOUS VEHICLES
PROVIDING EDGE INTELLIGENCE TO VEHICLES
Operating on the edge, the TrustCentral Attribute Authority can provide a valuable role by pushing valuable information to vehicles that those vehicles would otherwise have to acquire through V2V, V2I or V2C queries. This can reduce both bandwidth and processing demands at the vehicle level.
Vehicles are expected to need to communicate individually with many other vehicles and infrastructure to gain identity and other information about them, as well as to authenticate those vehicles and infrastructure in order to determine their trustworthiness. Efficient use of AA’s can shift a significant portion of those determinations away from vehicle-level resources to AA’s on the edge which can push efficient, summarized, trusted data to vehicles). For more information on this use case, please see the use case V2V, V2X, AUTONOMOUS VEHICLES
TRUST CONTROL DEVICE
ENDPOINT TERMINATION DEVICE