Delivering supply chain attestation, protection from overproduction and extending the value derived from a device’s Root of Trust.

Digital Holograms™ – Secure IoT Device Lifecycle Management

Digital Holograms™ are an innovative mechanism developed by Trustonic that enable web services to securely determine the lifecycle authenticity of an IoT device. They are an extension of the secure key provisioning scheme that Trustonic has deployed into hundreds of factories worldwide and which has provisioned keys into over 1.7 billion mobile devices to date. Provisioning devices with keys during production creates a ‘root of trust’ and enables a service to validate that messages originate from devices made in a specific factory – but keys alone are not enough to meet the demands of truly secure IoT.

Root of Trust (RoT) – IoT Supply Chain Protection

IoT Supply Chain Protection with Digital Holograms

Although the Root of Trust, such as a key and associated X.509 certificate, can attest to a one-time event (that the device was in a trusted factory when the key was injected), due to the complexity of the value chain, IoT requires something more sophisticated. For IoT applications, the same chip or low-level module may be used in countless different devices from different manufacturers – and the assembly factories may not be sufficiently trustworthy to inject keys.

Imagine a company producing a fitness tracker using outsourced manufacture. If they enable that manufacturer to inject keys, then there is little to stop that manufacturer overproducing counterfeit devices. Digital Holograms provide a solution to this potential issue. By injecting the key securely in a trusted factory – such as the Silicon Provider – and then using Digital Holograms™ to track subsequent manufacturing events, the counterfeit goods could be identified at the time of registration with a cloud service and appropriate action taken.

Applying Digital Holograms™

Secure IoT Device Lifecycle Management with Digital Holograms

Digital Holograms can be injected to record each manufacturing step and are stored securely on the device itself using Blockchain technology to prevent anyone from being able to tamper with the ledger of Digital Holograms.

No network access is needed to add a Digital Hologram. For example, on an ARMv8-M based device, they would typically be stored in a region of the flash protected by TrustZone™. Digital Holograms are single use and, once they are bound to a specific device, they are cryptographically protected against re-use or theft.

During its manufacture, or at subsequent lifecycle stages, a device may obtain several Digital Holograms, each representing individual events. For example, to record that a device has been assigned a specific model number, has passed through a QA process, or has been recalled or serviced, a trusted player in the lifecycle of the device could simply add a Digital Hologram.

If a critical step is missed, due to IP theft or overproduction, for example, then the faulty or counterfeit devices will miss one or more of the required Digital Holograms and the omission can easily be detected. This could be either during a later stage of production or when the device is deployed in the field. The exact path a device takes from inception to the OEM is recorded when the Digital Holograms are installed, enabling manufacturing processes to be audited.

Device Attestation Enables Automatic Cloud Enrollment

Lifetime Device Trust

Trustonic software running on the device can collect all the injected Digital Holograms and prepare an attestation to prove that an application specific message came from this device. The attestation and application message are protected by the device key that was provisioned by the silicon provider.

A remote service receiving these messages can forward the attestation to Trustonic’s platform for validation. Trustonic maintains meta data on all devices and Digital Holograms and can report back to the service to confirm the series of manufacturing and lifecycle events that the device went through. Trustonic returns a report, enabling the relying service to confirm which device the application message originated from, and the lifecycle events that the device has undergone.

Download the Digital Holograms™ brochure

Secure IoT device lifecycle management & IoT supply chain protection

Digital Holograms™

Secure IoT device lifecycle management & IoT supply chain protection. Digital Holograms™ are an innovative mechanism which enable web services to securely determine the lifecycle of an IoT device.