There are numerous possible use cases for PKI-Enforced White Listing and other TrustCentral technologies in the fields of automotive, aviation, medical devices, etc. Using the technology of its Building Blocks the TrustCentral API will be offered to customers, such as software developers, Original Equipment Manufactures, governments and others. Those customers will develop and implement solutions for their specific uses.
Below are three use case examples of applying TrustCentral technology to the inter-networking of physical IoT devices that are incorporated into manufactured products, such as: buildings, automobiles, aircraft, medical devices and other products. These products are embedded with IoT devices such as control units, sensors, actuators, etc., each with network connectivity that enable these devices to collect and exchange data.
Product Assembly and Manufacture
An installer (or possibly an AI capability) can oversee and authenticate the establishment of a secure communication line between each pair IoT devices that needs to establish authenticated, secure communication within a vehicle being assembled. For example, sensors are a category of device that should be strongly authenticated to a trusted management ECU. Some devices may only need to communicate to a single other device. Other devices may need to establish secure communication lines with multiple devices. The installer digitally signs and attests to the establishment of each communication line before it is recorded in the PKI. A digital certificate is issued for each communication line. Through this process both accountability and a permanent, digital audit trail are established.
Beyond the authentication and management of individual devices, the security ecosystem supports IoT Device Group Management. IoT devices within each vehicle may be assigned to one or more “IoT Devices Group”. Group records are created for each group member, its specific identifying information, communication lines between members, and other pertinent information, with all being recorded in the PKI of the security ecosystem. Management and control of devices is facilitated through the use of groups.
Sale of the Product
The security ecosystem will support the transition of vehicle ownership through the sales process. A digital certificate (with all vehicle information) will be created for each vehicle at sale. The sale transaction itself can be supported for the buyer and dealer including digitally signing capability being provided to each party for sales contract execution. The vehicle’s informational digital certificate will become associated with the vehicle’s digital sale record (plus any financing record) and both being associated with the buyer.
The vehicle’s Passive Keyless Entry and Start (PKES) fobs would be provisioned as an IoT device per the Inviter-Invitee Protocol and be made a member of the IoT Devices Group defined as that manufactured vehicle. The security ecosystem will also support a custom secure app on a buyer’s mobile device. Once the app is provisioned on the buyer’s mobile device, it can then be authenticated with the buyer’s vehicle. The authenticated buyer, vehicle and PKES can be associated together in a distinct secure group. As regards the communication exchanges between the fob and the vehicle, a high level of security will be established in order to eliminate existing (and well documented) hacking vulnerabilities of typical PKES systems.
The dealer and/or manufacturer may optionally establish a secure communication line with the buyer via the mobile app. Thus a dealer or manufacturer may gain a useful direct, secure communication line for priority communications with the buyer.
Product Maintenance and Support
The security ecosystem continues its support of a vehicle through the maintenance and ownership period. Authentication is provided for maintenance personnel who need to establish authorized, secure access to vehicles. For example, in the case of automobiles, approved maintenance user groups could include: automobile dealers; manufacturer representatives; or other specified entities. For example, an authorized automobile dealer maintenance worker will need to be authenticated as a member of the dealer “group” given access to the “IoT Devices Group” of individual automobiles. Such users may be granted access to, and control over the IoT devices within such a vehicle group. Specific rights may be customizable for each individual maintenance worker.
Through the management capabilities of PKI features, all relationships will be visible and auditable via the security ecosystem’s API. Membership in groups will be manageable in real-time (e.g., a dismissed employee or terminated dealer will immediately lose the ability to establish access all IoT Devices Groups).
Supply Chain Integrity
A valuable side benefit of this solution is that counterfeit parts will be virtually eliminated through IoT Device Authentication procedures, thus protecting supply chain integrity (both during manufacturing and maintenance periods). This can potentially result in significant financial benefit to a manufacturer both from: (a) increased parts sales resulting from rejection of counterfeit parts, as well as (b) reduced theft as authentic parts would be effectively useless to thieves.