Intel Launches IoT Device Management Service
6.10.2017 securityweek IoT
Intel this week announced the launch of a new offering to help securely automate the deployment of Internet of Things (IoT) devices and bring them online fast.
Called Intel Secure Device Onboard (Intel SDO), the new product will be offered to IoT platform providers as a service they can provide to customers looking to install and manage thousands of connected devices at once. With Intel SDO, the company says, bringing a device online will take only seconds, making the installation of a large number of devices a simple task.
According to Intel, the new product also eliminates poor security practices, such as shipping default passwords, while also offering an innovative device privacy model for IoT.
Intel SDO comes with Intel Enhanced Privacy ID (Intel EPID), the company’s privacy-preserving IoT identity solution, which allows devices to be anonymously authenticated and which establishes an encrypted communication tunnel that prevents hackers from being able to track the device.
Intel EPID is embedded in silicon before the silicon is assembled into a device, and Intel SDO leverages the TCG/ISO identity and authentication standard to cryptographically validate the device. Intel EPID can provide increased privacy by ensuring device onboarding and software provisioning updates are kept anonymous and more secure.
According to the technology giant, one of the main issues that Intel SDO addresses is the transfer of ownership. Typically, manufacturers that build and sell a large number of devices don’t know which environments their products are being deployed in, which could result in increased costs when attempting to support customer orders.
The new service, Intel says, provides compatibility with almost all IoT platforms out there. To ensure broad availability, the company partnered with silicon providers like Infineon, Microchip and Cypress Semiconductor to have the EPID identity capability embedded in their hardware.
Furthermore, cloud service platform and device management software providers like Google Cloud, Amazon Web Services (AWS), Microsoft Azure and Intel’s Wind River Helix Device Cloud will also offer integration to support Intel SDO’s zero-touch model.
Intel says it has the entire value chain covered: Intel EPID identity will be embedded in the silicon, manufacturers will insert client software into boot code to support anonymous communication, owners will load their digital ownership receipt, the IoT platform will use an API to enable device registration, and the device will ultimately contact Intel SDO to prove authenticity at power on.
“Intel SDO vastly accelerates trusted onboarding of IoT devices—from minutes to seconds—with a zero-touch, automated process that begins when the device is first powered on and ends when the IoT service provider of choice takes control with a baseline chain of trust from the silicon provider through to the IoT control platform,” the company notes in the Intel SDO product description (PDF).