Skip to main content

Zero-touch device identity management for IoT deployments that offers:

Inherent/increased security

Extended certificate lifecycle management

Zero-touch provisioning

Featuring

  • Hardware root of trust = end-to-end, chip-to-cloud security
  • IoT SAFE eSIM enabled IoT devices = zero touch provisioning/ re-provisioning of credentials
  • Next generation DNSSEC-based IoT device identity attestation

IOT Registry

The Internet of Things (IoT) has opened a world of possibilities for connectivity and efficiency — but it also introduces a massive security risk. CIRA Labs has leveraged its decades of experience running the .CA Registry to address this risk, by building an innovative new registry for IoT devices.

In partnership with TELUS and Thales, CIRA Labs has developed an IoT Registry that offers secure device provisioning and management for IoT device manufacturers, mobile network operators and cloud providers.

End-to-end, chip to cloud security

CIRA’s IoT Registry ensures a hardware root of trust by using TLS-secured communication. It works by validating the identity of the device or server by providing a digital certificate signed by a recognized Certificate Authority (CA). The receiving server or program can then check the authenticity of the certificate.

IoT SAFE eSIM enabled IoT devices

Standards for device identity management are the key to keeping IoT devices secure.

CIRA’s IoT Registry uses the IoT SAFE standard, which was developed by the mobile industry to allow IoT device manufacturers and IoT service providers to leverage the IoT device’s SIM as a robust, scalable, and standardised hardware Root of Trust to protect IoT data communications.

DNSSEC as a chain of trust

CIRA’s IoT Registry uses DNSSEC to take secure communication to the next level. It approaches zero trust security for IoT provisioning by using DNSSEC to allow a client to verify the authenticity of the IoT device. The IoT Registry has a real time publicly available, trusted and verifiable Certificate/Certificate Authority.

The IoT Registry publishes DANE TLSA records signed with a DNSSEC record with a unique identifier for IoT Device Identity, linked to the IoT SAFE root of trust certificate.

More benefits of CIRA IoT Registry

Connectivity & protocol agnostic

Secure, seamless on-boarding with enterprise connectivity

Allows the SIM to be used for application-layer security, as well as mobile network authentication

IoT security at scale — for hassle free growth

What else does the IoT Registry offer?

  • Always on; remote registration, activation & transfer = easy setup and lifecycle management & confirms that it belongs to vendor
  • Remote turn-off, wipe-clean IoT device config for granular control of credential provisioning
  • IoT security at scale — for hassle free growth

Who can use the IoT Registry?

This registry is being developed for use by the entire IoT community, from mobile network operators to device makers. It is geared towards:

  • Cloud providers
  • Mobile network operators — to increase adoption
  • Device and modem makers — simplify supply chain
  • SIM providers
  • Network infrastructure providers — simplified and trusted identity management
  • Secure IC vendors

 

Partner Projects

L-Spark MedTech Accelerator

CIRA is excited to be a partner in the L-Spark MedTech Accelerator program. L-SPARK is a community of SaaS founders, investors, mentors and partners that works with start-ups and other companies to grow innovative ideas from the ground up. The MedTech Accelerator program supports companies in developing innovative connected medical devices and services aligned with emerging global IoT security standards. CIRA is working with Telus, Solace and Blackberry to provide a technology platform to enable medical devices to be securely connected from any location.

Thales/Telus/CIRA POC

In partnership with TELUS and Thales, CIRA Labs has developed a Proof of Concept for an IoT Registry that offers secure device provisioning and management for IoT device manufacturers, mobile network operators and cloud providers. CIRA Labs brings its decades of experience running the .CA Registry to this project; while TELUS leverages its network for device-to-cloud communications. THALES e-SIMs embedded in IoT devices will ensure secure device-to-cloud communications.

Standards for device identification management are the key to keeping IoT devices secure. CIRA’s IoT Registry uses GSMA’s IoT SAFE standard, which was developed by the mobile industry to allow IoT device manufacturers and IoT service providers to leverage the IoT device’s SIM as a robust, scalable, and standardised hardware Root of Trust to protect IoT data communications.

L-Spark Secure IoT Accelerator 

CIRA developed the first version of the IoT Registry for L-Spark’s Secure IoT Accelerator project. For this project, CIRA used a fictious smart parking meter use case to illustrate how an IoT Registry could track an IoT device’s eSIMID, public keys, cloud service provider, and mobile network operator (and their status). This information can then be used to create a public DNS record of certificate fingerprints that can authenticate individual IoT devices and their cloud service provider credentials based on the unique IoT device eSIMID — all while leveraging the internet based root of trust embedded in the DNS and DNSSEC.

Stay Informed

Visit the IoT Registry Project GitHub Repository.

Learn More

Contact Us

CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

 

Partners


 

In the News

Thales IoT SAFE to secure cloud connectivity for new Internet of Things services in Canada

Read more

Ottawa-based CIRA lands spot in first cohort of L-Spark’s new secure IoT accelerator

Read more

L-Spark announces startups in first cohort of secure IoT Accelerator program

Read more

L-SPARK accelerator launches medtech program

Read more

An Innovative Framework That Will Help the IoT Industry Scale Into the Billions

Read more